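# NixOS module: restic backups of this host to two Backblaze B2 repositories.
#
# Both backup jobs share the same user, path list, timer and prepare command;
# they differ only in repository and credential files. A `restic-<repoName>`
# wrapper command is also installed for each repository so the repo can be
# inspected or restored from by hand with the same credentials.
{ lib, config, pkgs, ... }:
let
  mail_config = (import ./mailserver/config.nix { });

  # The backup runs as root because the path list includes /secrets and
  # service state directories.
  backupUser = "root";

  backupPaths = [
    # NOTE(review): /secrets holds the restic password and environment files
    # referenced below, so each repository's key material ends up inside the
    # repositories themselves. That copy is useless for a bare-metal restore
    # (the password is needed to open the repo) -- confirm an independent copy
    # of the passwords exists, and that sharing every secret with both
    # repositories is intended.
    "/secrets"
    "/var/lib/vault"
    "/var/lib/acme"
    # Quassel & Invidious
    "/var/backup/postgresql"
    "/home/quassel/.config/quassel-irc.org"
    # MPD State
    "/mpd"
    # doesn't work for restoring might as well not backup
    # "/var/lib/tailscale"
    # mail
    mail_config.vmail_config.directory
    mail_config.sieve_directory
    mail_config.dkim_directory
    "/var/lib/redis-rspamd"
  ];

  # Start the postgresqlBackup unit and wait for it to finish before restic
  # runs, so /var/backup/postgresql is populated first.
  backupPrepareCommand = "${
    (pkgs.writeShellScriptBin "backupPrepareCommand" ''
      systemctl start postgresqlBackup --wait
    '')
  }/bin/backupPrepareCommand";

  timerConfig = {
    OnBootSec = "1m";
    OnCalendar = "daily";
  };

  # Repository location plus the files holding its password and its
  # environment. Only the file paths are written to the Nix store, never
  # their contents.
  # NOTE(review): presumably both files are readable by root only -- verify
  # the permissions on /secrets.
  repos = {
    Chaos-Backups-HetznerVM = {
      repository = "b2:Chaos-Backups:HetznerVM";
      passwordFile = "/secrets/restic-Chaos-Backups-HetznerVM-password";
      environmentFile = "/secrets/restic-Chaos-Backups-HetznerVM-env";
    };
    Cassie-Backups-HetznerVM = {
      repository = "b2:Cryptidz-Backup:HetznerVM";
      passwordFile = "/secrets/restic-Cassie-Backups-HetznerVM-password";
      environmentFile = "/secrets/restic-Cassie-Backups-HetznerVM-env";
    };
  };

  # One `restic-<repoName>` wrapper per repository.
  #
  # "$@" is quoted so that arguments containing whitespace or glob characters
  # (for example a restore target or an --exclude pattern) reach restic
  # unchanged; the unquoted form re-split and glob-expanded them. The
  # interpolated path and repository values are shell-escaped for the same
  # reason.
  #
  # NOTE(review): `env $(cat FILE)` is kept as-is. It word-splits the
  # environment file, so values containing whitespace or comment lines will
  # not survive, and the expanded KEY=VALUE pairs sit on the argv of the `env`
  # process until it execs restic, where other local users may be able to
  # read them from the process list. Loading the file without passing its
  # contents as arguments would avoid that, but changes how the file is
  # parsed -- confirm the file format before switching.
  restic_commands = lib.mapAttrsToList (repoName: repoInfo:
    (pkgs.writeShellScriptBin "restic-${repoName}" ''
      env \
        $(cat ${lib.escapeShellArg repoInfo.environmentFile}) \
        RESTIC_PASSWORD_FILE=${lib.escapeShellArg repoInfo.passwordFile} \
        RESTIC_REPOSITORY=${lib.escapeShellArg repoInfo.repository} \
        ${pkgs.restic}/bin/restic "$@"
    '')) repos;

  # Settings shared by every backup job, merged with one repository's
  # repository/passwordFile/environmentFile attributes.
  mkBackup = repo:
    lib.mkMerge [
      {
        user = backupUser;
        paths = backupPaths;
        inherit timerConfig;
        inherit backupPrepareCommand;
      }
      repo
    ];
in
{
  environment.systemPackages = restic_commands;

  services.restic.backups.hetzner-vm = mkBackup repos.Chaos-Backups-HetznerVM;
  services.restic.backups.cassie-hetzner-vm = mkBackup repos.Cassie-Backups-HetznerVM;

  # Dumps all PostgreSQL databases, zstd-compressed; started on demand by
  # backupPrepareCommand above.
  services.postgresqlBackup = {
    enable = true;
    backupAll = true;
    compression = "zstd";
  };
}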