feat: added restic

modules/nixos/services/restic/default.nix

@@ -0,0 +1,75 @@
+{
+  config,
+  flake,
+  pkgs,
+  ...
+}:
+let
+  inherit (flake.config.services) instances;
+  inherit (flake.config.people) user0;
+  envFile = "backblaze/env";
+  repoFile = "backblaze/repo";
+  passFile = "restic-pass";
+in
+{
+  services.restic = {
+    backups = {
+      remote = {
+        environmentFile = config.sops.secrets.${envFile}.path;
+        initialize = true;
+        passwordFile = config.sops.secrets.${passFile}.path;
+        repositoryFile = config.sops.secrets.${repoFile}.path;
+        timerConfig = {
+          OnCalendar = "0/4:00";
+          Persistent = true;
+        };
+        paths = [
+          "/home/${user0}/.ssh"
+          instances.firefly-iii.mntPaths.path0
+          instances.forgejo.mntPaths.path0
+          instances.mastodon.mntPaths.path0
+          instances.minecraft.mntPaths.path0
+          instances.opencloud.mntPaths.path0
+          instances.vaultwarden.mntPaths.path0
+          "${instances.jellyfin.mntPaths.path0}/cache"
+          "${instances.jellyfin.mntPaths.path0}/data"
+          "${instances.jellyfin.mntPaths.path0}/media/Music"
+        ];
+      };
+    };
+  };
+
+  sops = {
+    secrets = builtins.listToAttrs (
+      map
+        (secret: {
+          name = secret;
+          value = {
+            path = "/run/secrets/${secret}";
+            owner = "root";
+            group = "root";
+            mode = "0600";
+          };
+        })
+        [
+          envFile
+          repoFile
+          passFile
+        ]
+    );
+  };
+
+  environment = {
+    variables = {
+      # AWS_ACCESS_KEY_ID = "";
+      # AWS_SECRET_ACCESS_KEY = "";
+      # RESTIC_PASSWORD_FILE = "pass.txt";
+      # RESTIC_REPOSITORY = "";
+    };
+    systemPackages = builtins.attrValues {
+      inherit (pkgs)
+        restic
+        ;
+    };
+  };
+}