nixos/hosts/common/optional/restic-backup.nix

{
  config,
  configVars,
  ...
}: let
  passwordFile = config.sops.secrets."software/restic-passphrase".path;
  resticServerCredentials = config.sops.secrets."software/restic-server-credentials".path;
  backupServerIp = configVars.networking.addresses.backup-server.ip;
in {
  sops.secrets = {
    "software/restic-passphrase" = {};
    "software/restic-server-credentials" = {};
  };
  sops.secrets = {};
  services.restic.backups = {
    daily = {
      initialize = true;
      passwordFile = passwordFile;
      paths = [
      ];
      repository = "rest:http://${backupServerIp}:8000/";
      environmentFile = "${resticServerCredentials}";
      pruneOpts = [
        "--keep-daily 7"
        "--keep-weekly 5"
        "--keep-monthly 12"
      ];
    };
  };
}