{ lib, config, pkgs, ... }: let cfg = config.backup-helper; restic-wrapper = pkgs.writeShellApplication { name = "restic-wrapper"; runtimeInputs = [ pkgs.restic pkgs.systemd ]; text = '' echo "Starting backup."; path="$(systemd-escape -u --path ''${1})"; restic backup "$path"; restic forget -d 7 -w 4 -m 6 --keep-within 1d --prune ''; }; in { options.backup-helper.enable = lib.mkEnableOption "Enable backup-helper"; options.backup-helper = { restic-repository = lib.mkOption { type = lib.types.str; default = "rest:http://10.69.12.52:8000/backup-nix"; description = "Repository to use for restic backup."; }; backup-dirs = lib.mkOption { type = lib.types.listOf lib.types.str; default = [ ]; description = "Directories to be backed up."; }; schedule = lib.mkOption { type = lib.types.str; default = "*-*-* 00:00:00"; description = "Schedule for backups. Needs to be valid systemd OnCalendar value."; }; password-file = lib.mkOption { type = lib.types.str; default = null; description = "File containing the restic password."; }; randomized-delay = lib.mkOption { type = lib.types.int; default = 0; description = "Randomized delay in seconds to spread out backups."; }; }; config = lib.mkIf cfg.enable { systemd.services."backup-helper@" = { after = "network-online.target"; enable = false; environment = { RESTIC_REPOSITORY = cfg.restic-repository; } // lib.attrsets.optionalAttrs (builtins.hasAttr "password-file" cfg) { RESTIC_PASSWORD_FILE = cfg.password-file; }; serviceConfig = { Type = "oneshot"; ExecStart = "${restic-wrapper}/bin/restic-wrapper %i"; }; }; systemd.timers."backup-helper@" = { enable = false; environment = { timerConfig = { OnCalendar = cfg.schedule; Persistent = true; RandomizedDelaySec = cfg.randomized-delay; }; }; }; }; }