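{ config, lib, ... }:
# borg core setup
# ---------------
# Provides one shared interface (`backup.dirs` / `backup.exclude`) that any
# service module can append its paths to, and turns every entry of
# `backup.servers` into one `services.borgbackup.jobs.<name>` job.
{
  options = {
    backup = {
      # mkEnableOption already prefixes the text with "Whether to enable",
      # so only the bare noun is passed (the old text rendered as
      # "Whether to enable enable borg backup.").
      enable = lib.mkEnableOption "borg backup";

      # Paths handed to every generated job as `paths`.
      dirs = lib.mkOption {
        default = [ ];
        type = with lib.types; listOf str;
        description = ''
          folders to backup
        '';
      };

      # Patterns handed to every generated job as `exclude`.
      exclude = lib.mkOption {
        default = [ ];
        type = with lib.types; listOf str;
        description = ''
          exclude files and folders matching a pattern.
          These patterns affect all folders in `backup.dirs`.
          see man borg pattern for more information
        '';
        example = [ ".git" "/home/*/.cache" ".stfolder" ];
      };

      # Backup targets, keyed by job name. Each entry becomes one borg job.
      # NOTE(review): the defaults pin concrete targets, one of them by raw
      # IP address. Confirm the SSH host keys of these targets are pinned on
      # the client (e.g. via `programs.ssh.knownHosts`) so a job cannot be
      # pointed at a different machine unnoticed.
      servers = lib.mkOption {
        default = {
          robi.host = "144.76.13.147";
          pepe.host = "pepe.private";
        };
        type = with lib.types;
          attrsOf (submodule {
            options = {
              host = lib.mkOption { type = with lib.types; str; };
              user = lib.mkOption {
                default = "borg";
                type = with lib.types; str;
              };
            };
          });
        description = ''
          servers to backup to
        '';
      };
    };
  };

  config =
    let
      myHostname = config.networking.hostName;

      # Build the borgbackup job definition for one `{ user, host }` target.
      # The repository lives under `./<this machine's hostname>` on the
      # remote side and is reached over SSH as `user@host`.
      setup = { user, host }: {
        paths = config.backup.dirs;
        exclude = config.backup.exclude;
        doInit = true;
        repo = "${user}@${host}:./${myHostname}";

        encryption = {
          # repokey modes keep the passphrase-protected key inside the
          # repository itself, so the passphrase is the only secret that
          # separates the backup server from the archive contents. Keep a
          # copy of it somewhere other than the data being backed up.
          mode = "repokey-blake2";
          # Only the secret's path is interpolated here; the passphrase is
          # read from that sops-managed file when the job runs.
          passCommand =
            "cat ${config.sops.secrets.backup_repository_passphrase.path}";
        };

        environment = {
          # Transport command for borg: ssh with the sops-managed key.
          # NOTE(review): consider adding `-o IdentitiesOnly=yes` and
          # `-o BatchMode=yes` so that only this key is offered and the
          # unattended job fails instead of waiting on a prompt.
          BORG_RSH =
            "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
          # Pre-answers borg's "repository was previously located at ..."
          # question with yes, which switches off the check that would
          # otherwise stop the job when the repository location changes.
          # NOTE(review): confirm this is still required; if the targets are
          # stable, dropping it restores that check.
          BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
        };

        compression = "auto,lzma";
        startAt = "daily";

        prune.keep = {
          within = "10d"; # Keep all backups in the last 10 days.
          weekly = 8; # Keep 8 additional end of week archives.
          monthly = -1; # Keep end of month archive for every month
        };
      };
    in
    lib.mkIf config.backup.enable {
      # Declare both secrets with sops defaults; their `.path` values are
      # consumed by `setup` above.
      sops.secrets.backup_repository_passphrase = { };
      sops.secrets.backup_ssh_rsa_private = { };

      # One job per configured server, named after the attribute key.
      # NOTE(review): jobs are generated even when `backup.dirs` is empty;
      # the disabled snippet below would switch the units off in that case.
      services.borgbackup.jobs =
        lib.mapAttrs (_: target: setup target) config.backup.servers;

      #systemd.services = lib.mapAttrs'
      #  (name: _: {
      #    name = "borgbackup-job-${name}";
      #    value = { enable = config.backup.dirs != [ ]; };
      #  })
      #  config.backup.servers;
    };
}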