{ config, configVars, ... }: let passwordFile = config.sops.secrets."software/restic-passphrase".path; resticServerCredentials = config.sops.secrets."software/restic-server-credentials".path; backupServerIp = configVars.networking.addresses.backup-server.ip; in { sops.secrets = { "software/restic-passphrase" = {}; "software/restic-server-credentials" = {}; }; sops.secrets = {}; services.restic.backups = { daily = { timerConfig = { OnCalendar = "*-*-* 20:00:00"; Persistent = true; RandomizedDelaySec = "4h"; }; initialize = true; passwordFile = passwordFile; paths = [ ]; repository = "rest:http://${backupServerIp}:8000/"; environmentFile = "${resticServerCredentials}"; pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-monthly 12" ]; }; }; }