{ pkgs, config, ... }: let secrets = config.services.secrets.secrets; # Because gotosocial-admin isn't a seporate package we need to generate a seperate config # and duplicate the wrapper for use in a systemd unit goToSocialConfigFile = (pkgs.formats.yaml {}).generate "config.yml" config.services.gotosocial.settings; goToSocialAdmin = "${(pkgs.writeShellScriptBin "goToSocialAdmin" '' exec systemd-run \ -u gotosocial-admin.service \ -p Group=gotosocial \ -p User=gotosocial \ -q -t -G --wait --service-type=exec \ ${pkgs.gotosocial}/bin/gotosocial --config-path ${goToSocialConfigFile} admin "$@" '')}/bin/goToSocialAdmin"; backupPrepareCommand = "${ (pkgs.writeShellScriptBin "backupPrepareCommand" '' systemctl stop gotosocial ${goToSocialAdmin} export --path /var/lib/gotosocial/gts-export.json ${goToSocialAdmin} media prune all --dry-run=false systemctl start gotosocial '') }/bin/backupPrepareCommand"; backupCleanupCommand = "${(pkgs.writeShellScriptBin "backupCleanupCommand" '' rm /var/lib/gotosocial/gts-export.json || true '')}/bin/backupCleanupCommand"; in { environment.systemPackages = with pkgs; [ restic (pkgs.writeShellScriptBin "restic-social" '' env \ RESTIC_PASSWORD_FILE=${secrets.restic_password.path} \ $(cat ${secrets.restic_env.path}) \ ${pkgs.restic}/bin/restic $@ '') ]; services.restic.backups.social = { user = "root"; paths = [ "/var/lib/gotosocial" ]; # repository is overrided in environmentFile to contain auth # make sure to keep up to date when changing repository repository = "rest:https://storage-restic.owo.monster/Social"; passwordFile = "${secrets.restic_password.path}"; environmentFile = "${secrets.restic_env.path}"; pruneOpts = [ "--keep-last 10" ]; timerConfig = { OnBootSec = "1m"; OnCalendar = "daily"; }; inherit backupPrepareCommand; inherit backupCleanupCommand; }; }