dotfiles/modules/nixos/homelab/restic/resticCeres/default.nix

{
  config,
  flake,
  ...
}:
let
  inherit (flake.config.services) instances;
  inherit (flake.config.machines.devices) ceres;
  inherit (flake.config.people) user0;
  envFile = "backblaze/${ceres.name}-env";
  repoFile = "backblaze/${ceres.name}-repo";
  passFile = "restic/${ceres.name}-pass";
in
{
  services.restic = {
    backups = {
      remote = {
        initialize = true;
        environmentFile = config.sops.secrets.${envFile}.path;
        passwordFile = config.sops.secrets.${passFile}.path;
        repositoryFile = config.sops.secrets.${repoFile}.path;
        timerConfig = {
          OnCalendar = "0/4:00";
          Persistent = true;
        };
        paths =
          let
            inst = instance: interface: instances.${instance}.interfaces.${interface}.paths.mntPaths.path0;
          in
          [
            "/home/${user0}/.ssh"
            (inst "forgejo" "interface0")
            (inst "mastodon" "interface0")
            (inst "opencloud" "interface1")
            (inst "minecraft" "interface0")
            (inst "minecraft" "interface1")
            ((inst "jellyfin" "interface0") + "/cache")
            ((inst "jellyfin" "interface0") + "/data")
            ((inst "jellyfin" "interface0") + "/media/music")
          ];
      };
    };
  };

  sops = {
    secrets = builtins.listToAttrs (
      map
        (secret: {
          name = secret;
          value = {
            path = "/run/secrets/${secret}";
            owner = "root";
            group = "root";
            mode = "0600";
          };
        })
        [
          envFile
          repoFile
          passFile
        ]
    );
  };
}
feat: configured syncthing and photoprism 2025-12-14 01:52:25 -06:00			`{`
			`config,`
			`flake,`
			`...`
			`}:`
			`let`
			`inherit (flake.config.services) instances;`
			`inherit (flake.config.machines.devices) ceres;`
			`inherit (flake.config.people) user0;`
			`envFile = "backblaze/${ceres.name}-env";`
			`repoFile = "backblaze/${ceres.name}-repo";`
			`passFile = "restic/${ceres.name}-pass";`
			`in`
			`{`
			`services.restic = {`
			`backups = {`
			`remote = {`
			`initialize = true;`
			`environmentFile = config.sops.secrets.${envFile}.path;`
			`passwordFile = config.sops.secrets.${passFile}.path;`
			`repositoryFile = config.sops.secrets.${repoFile}.path;`
			`timerConfig = {`
			`OnCalendar = "0/4:00";`
			`Persistent = true;`
			`};`
			`paths =`
			`let`
			`inst = instance: interface: instances.${instance}.interfaces.${interface}.paths.mntPaths.path0;`
			`in`
			`[`
			`"/home/${user0}/.ssh"`
			`(inst "forgejo" "interface0")`
			`(inst "mastodon" "interface0")`
			`(inst "opencloud" "interface1")`
			`(inst "minecraft" "interface0")`
			`(inst "minecraft" "interface1")`
			`((inst "jellyfin" "interface0") + "/cache")`
			`((inst "jellyfin" "interface0") + "/data")`
			`((inst "jellyfin" "interface0") + "/media/music")`
			`];`
			`};`
			`};`
			`};`

			`sops = {`
			`secrets = builtins.listToAttrs (`
			`map`
			`(secret: {`
			`name = secret;`
			`value = {`
			`path = "/run/secrets/${secret}";`
			`owner = "root";`
			`group = "root";`
			`mode = "0600";`
			`};`
			`})`
			`[`
			`envFile`
			`repoFile`
			`passFile`
			`]`
			`);`
			`};`
			`}`