# To initialize repo
# borg init --encryption=keyfile /staging/backup
# Key file also stored in pass
{ config, lib, pkgs, ... }:
let
  repo = /staging/backup
in
{
  systemd.services.borg-backup = {
    description = "Run backups.";
    path = with pkgs [ borgbackup ];
    startAt = "*-*-* 02:30:00";
    environment = {
      BORG_KEYS_DIR = "/opt/secret/borg-backup-keys/";
      REPOSITORY = "/staging/backup";
    };
    serviceConfig = {
      RemainAfterExit = true;
    };
    script = ''
      echo "Creating backup"
      borg create -v --stats                     \
        --compression lzma,6                     \
        $REPOSITORY::'storage-{now:%Y-%m-%d}'    \
        /storage

      borg create -v --stats                     \
        --compression lzma,6                     \
        $REPOSITORY::'{hostname}-{now:%Y-%m-%d}' \
        /opt /home

      echo "Pruning old versions"
      borg prune -v --list $REPOSITORY --prefix 'storage-' \
        --keep-daily=7 --keep-weekly=4 --keep-monthly=6  
      borg prune -v --list $REPOSITORY --prefix '{hostname}-' \
        --keep-daily=7 --keep-weekly=4 --keep-monthly=6  
    '';
  };
};