HexName-NixOS/pkgs/restic.nix

{ config, ... }:

{
  # users.groups.hexname-postgres-backup = {};
  # users.users = {
  #   hexname-postgres-backup = {
  #     group = "hexname-postgres-backup";
  #     isSystemUser = true;
  #     createHome = true;
  #     home = "/var/lib/hexname/postgres";
  #   };
  # };

  services.restic.backups = {
    postgres = {
      paths = [
        # This is where I store the output of `pg_dump`, not the DB itself
        "/var/lib/hexname/postgres"
      ];
      repository = "sftp:hexname-postgres-backup@ns2.hexname.com:/etc/backups/ns1";
      extraOptions = [
        "sftp.command='ssh -p 6968 hexname-postgres-backup@ns2.hexname.com -i /etc/env/restic/id_ed25519 -s sftp'"
      ];
      passwordFile = "/etc/env/restic/gateway-password";
      initialize = true;

      timerConfig = null; # Explicitly invoked by backup-postgres.service
      pruneOpts = [
        "--keep-last 36" # 6 hours' worth
        "--keep-daily 7"
        "--keep-weekly 2"
        "--keep-monthly 3"
        "--keep-yearly 1"
      ];
    };
  };
}