nixos-config/nixos/modules/borg-jobs.nix

{ config, lib, ... }:
# borg core setup
# ---------------
# provides an easy interface for all services
# to append it's files to be backuped
{

  options = {
    backup = {
      enable = lib.mkEnableOption "enable borg backup";
      dirs = lib.mkOption {
        default = [ ];
        type = with lib.types; listOf str;
        description = ''
          folders to backup
        '';
      };
      exclude = lib.mkOption {
        default = [ ];
        type = with lib.types; listOf str;
        description = ''
          exclude files and folders matching a pattern.
          Theses patterns effect all folders in `backup.dirs`.
          see man borg pattern for more information
        '';
        example = [ ".git" "/home/*/.cache" ".stfolder" ];
      };
      servers = lib.mkOption {
        default = {
          robi.host = "144.76.13.147";
          pepe.host = "pepe.private";
        };
        type = with lib.types; attrsOf (submodule {
          options = {
            host = lib.mkOption {
              type = with lib.types; str;
            };
            user = lib.mkOption {
              default = "borg";
              type = with lib.types; str;
            };
          };
        });
        description = ''
          servers to backup to
        '';
      };
    };
  };

  config =
    let
      myHostname = config.networking.hostName;
      setup = { user, host }: {
        paths = config.backup.dirs;
        exclude = config.backup.exclude;
        doInit = true;
        repo = "${user}@${host}:./${myHostname}";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "cat ${config.sops.secrets.backup_repository_passphrase.path}";
        };
        environment = {
          BORG_RSH = "ssh -i ${toString config.sops.secrets.backup_ssh_rsa_private.path}";
          BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
        };
        compression = "auto,lzma";
        startAt = "daily";
        prune.keep = {
          within = "10d"; # Keep all backups in the last 10 days.
          weekly = 8; # Keep 8 additional end of week archives.
          monthly = -1; # Keep end of month archive for every month
        };
      };

    in

    lib.mkIf config.backup.enable {

      sops.secrets.backup_repository_passphrase = { };
      sops.secrets.backup_ssh_rsa_private = { };

      services.borgbackup.jobs =
        lib.mapAttrs (_: target: setup target) config.backup.servers;

      #systemd.services = lib.mapAttrs'
      #  (name: _: {
      #    name = "borgbackup-job-${name}";
      #    value = { enable = config.backup.dirs != [ ]; };
      #  })
      #  config.backup.servers;

    };


}