35 lines
906 B
Nix
35 lines
906 B
Nix
{ config, lib, ... }:
|
|
let
|
|
cfg = config.custom.services.borgClient;
|
|
host = config.networking.hostName;
|
|
in
|
|
{
|
|
options.custom.services.borgClient.enable = lib.mkEnableOption "the BorgBackup client";
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
sops.secrets.borg-passphrase = {
|
|
sopsFile = ../../secrets/${host}/borg.yaml;
|
|
};
|
|
|
|
services.borgbackup.jobs.persist = {
|
|
compression = "auto,zstd,16";
|
|
encryption = {
|
|
mode = "repokey";
|
|
passCommand = "cat ${config.sops.secrets.borg-passphrase.path}";
|
|
};
|
|
environment = {
|
|
BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
|
|
};
|
|
paths = "/persist";
|
|
persistentTimer = true;
|
|
prune.keep = {
|
|
within = "1d";
|
|
daily = 7;
|
|
weekly = 4;
|
|
monthly = 12;
|
|
};
|
|
repo = "borg@borg.vsinerva.fi:/persist/borg/${host}";
|
|
startAt = "*-*-* *:00/10:00";
|
|
};
|
|
};
|
|
}
|