# NixOS module: declares `backup.dirs` / `backup.exclude` and turns them into
# one borgbackup job per backup server listed below.
#
# Security notes for reviewers:
#   * Every job uses the same repository passphrase and the same SSH key
#     (both supplied through sops-nix), so a leak of either one affects the
#     repositories on all listed servers.
#   * NOTE(review): the server side is not part of this file. Confirm that the
#     `borg` account only accepts this key through a forced `borg serve`
#     command (ideally restricted to this host's repository path, optionally
#     append-only), so a compromised client cannot touch other hosts' backups.
{ config, lib, ... }:
let
  cfg = config.backup;
  secrets = config.sops.secrets;
  thisHost = config.networking.hostName;

  # Backup targets; `name` becomes the borgbackup job name, `host` the SSH host.
  backupServers = [
    {
      name = "workhorse";
      host = "workhorse.private";
    }
    {
      name = "pepe";
      host = "pepe.private";
    }
  ];

  # Builds the borgbackup job definition for a single backup server.
  mkJob = server: {
    paths = cfg.dirs;
    exclude = cfg.exclude;
    doInit = true;
    # One repository per client, named after this machine's hostname.
    repo = "borg@${server}:./${thisHost}";
    encryption = {
      # repokey: the encrypted key lives inside the repository, so the
      # passphrase is what protects the data from the backup host.
      mode = "repokey-blake2";
      # TODO (from the original author): rename
      # Only the path of the secret is interpolated here; the passphrase itself
      # is read from the sops-nix secret file when the job runs.
      passCommand = "cat ${secrets.backup_repository_passphrase.path}";
    };
    # Dedicated SSH identity for the backup connection.
    environment.BORG_RSH = "ssh -i ${toString secrets.backup_ssh_rsa_private.path}";
    compression = "auto,lzma";
    startAt = "daily";
    prune.keep = {
      within = "10d"; # Keep all backups in the last 10 days.
      weekly = 8; # Keep 8 additional end of week archives.
      monthly = -1; # Keep end of month archive for every month
    };
  };

  # Attribute set { <server name> = <job>; } covering every backup server.
  allJobs = lib.listToAttrs (
    map ({ name, host }: lib.nameValuePair name (mkJob host)) backupServers
  );
in
{
  options.backup = {
    dirs = lib.mkOption {
      default = [ ];
      type = with lib.types; listOf str;
      description = ''
        folders to backup
      '';
    };

    exclude = lib.mkOption {
      default = [ ];
      type = with lib.types; listOf str;
      description = ''
        exclude files and folders matching a pattern.
        Theses patterns effect all folders in `backup.dirs`.
        see man borg pattern for more information
      '';
      example = [
        ".git"
        "/home/*/.cache"
        ".stfolder"
      ];
    };
  };

  config = {
    # Declared with default settings; the secret values come from the sops file.
    sops.secrets.backup_repository_passphrase = { };
    sops.secrets.backup_ssh_rsa_private = { };

    # Jobs without any path to back up are dropped, so a host that leaves
    # `backup.dirs` empty gets no borgbackup job at all.
    services.borgbackup.jobs = lib.filterAttrs (_: job: job.paths != [ ]) allJobs;
  };
}