{ pkgs, config, ... }:
let
  # Backup home script
  backup-home = pkgs.writeShellApplication {
    name = "backup-home";
    runtimeInputs = with pkgs; [
      coreutils
      curl
      jq
      libnotify
      restic
    ];
    text = ''
      echo "========== BACKUP HOME STARTING =========="
      export RESTIC_PASSWORD="gunter.home.2rjus.net"
      export RESTIC_REPOSITORY="rest:http://10.69.12.52:8000/gunter.home.2rjus.net"
      SECRET_PATH="$XDG_CONFIG_HOME/sops-nix/secrets/gotify_backup_home"

      if ! [ -f "$SECRET_PATH" ]; then
        notify-send -u critical "Backup issue" "Secret file for gotify token does not exist"
      else
        GOTIFY_TOKEN=$(<"$SECRET_PATH")
        if [ -z "$GOTIFY_TOKEN" ]; then
          notify-send -u critical "Backup issue" "No Gotify token found"
        fi
      fi

      # Send start notification
      notify-send -e -t 3000 "Backup started" "Backup of /home/torjus started"
      retval=$?
      if [ $retval -ne 0 ]; then
          echo "Failed to send notification"
      fi

      # Do the backup
      echo "========== BACKUP TASK STARTING =========="
      SECONDS=0
      restic backup /home/torjus \
          --exclude '/home/torjus/.cache' \
          --exclude '/home/torjus/.local/share/Steam' \
          --exclude '/home/torjus/.local/share/containers' \
          --exclude '/home/torjus/.var' \
          --exclude '/home/torjus/.local/share/lutris' \
          --exclude '/home/torjus/.npm' \
          --exclude '/home/torjus/.factorio/mods' \
          --exclude '/home/torjus/.zoom' \
          --exclude '/home/torjus/git/nixpkgs'
      retval=$?
      if [ $retval -ne 0 ]; then
          notify-send -u critical "Backup failed" "Backup of /home/torjus failed"
          retval=$?
          if [ $retval -ne 0 ]; then
            curl "https://gotify.t-juice.club/message?token=$GOTIFY_TOKEN" \
              -F "title=Backup of home@gunter failed!" \
              -F "message=Please check status of backup-home service"
          fi
      fi
      BACKUP_DURATION="$SECONDS"
      echo "========== BACKUP TASK COMPLETE =========="

      # Remove old snapshots and prune
      echo "========== PRUNE TASK STARTING =========="
      restic forget -d 7 -w 4 -m 6 --keep-within 1d --prune
      echo "========== PRUNE TASK COMPLETE =========="
      # Gather statistics
      echo "========== STATS TASK STARTING =========="
      stats=$(restic stats --json)
      stats_raw=$(restic stats --mode=raw-data --json)

      raw_size=$(jq -r '.total_size' <<< "$stats_raw" \
          | numfmt --to=iec --suffix=B --format="%.2f")
      total_size=$(jq -r '.total_size' <<< "$stats" \
          | numfmt --to=iec --suffix=B --format="%.2f")
      total_files=$(jq -r '.total_file_count' <<< "$stats" \
          | numfmt --to=iec)
      total_snapshots=$(jq -r '.snapshots_count' <<< "$stats")
      message="$total_files files\n$total_snapshots snapshots\n$raw_size ($total_size)"
      echo "========== STATS TASK COMPLETE =========="

      # Send completion notification
      notify-send -i checkmark -e -t 10000 \
          "Backup of /home/torjus completed in ''${BACKUP_DURATION}s (''${SECONDS}s total)" "$message"
      retval=$?
      if [ $retval -ne 0 ]; then
          echo "Failed to send notification"
          exit $retval
      fi
      echo "========== BACKUP HOME COMPLETE =========="
    '';
  };
in
{
  sops.secrets."gotify_backup_home" = { };

  systemd.user.services.backup-home = {
    Unit = {
      Description = "Backup home directory";
      After = [
        "network.target"
        "sops-nix.service"
      ];
    };
    Service = {
      Type = "oneshot";
      ExecStart = "${backup-home}/bin/backup-home";
    };
  };
  systemd.user.timers.backup-home = {
    Unit = {
      Description = "Backup home directory";
      After = [ "network.target" ];
    };
    Timer = {
      OnCalendar = "*-*-* *:00:00";
      Persistent = true;
    };
    Install = {
      WantedBy = [
        "timers.target"
        "graphical-session.target"
      ];
    };
  };
}