nix-config/hosts/common/optional/restic.nix

{ pkgs, config, ... }:
{
  sops.secrets.restic-environment = {
    owner = "root";
    group = "root";
    sopsFile = ./secrets.yaml;
  };

  sops.secrets.restic-password = {
    owner = "root";
    group = "root";
    sopsFile = ./secrets.yaml;
  };

  sops.secrets.restic-repository = {
    owner = "root";
    group = "root";
    sopsFile = ./secrets.yaml;
  };

  services.restic.backups = {
    daily = {
      initialize = true;

      repositoryFile = config.sops.secrets.restic-repository.path;
      passwordFile = config.sops.secrets.restic-password.path;
      environmentFile = config.sops.secrets.restic-environment.path;

      paths = [
        config.users.users.lander.home
      ];

      exclude = [
        "/var/cache"
        "/home/*/.cache"
      ];

      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-weekly 12"
      ];
    };
  };
}