From 7945f2ef0c941121dc3e6d825c4f502347367a33 Mon Sep 17 00:00:00 2001
From: dadada <dadada@dadada.li>
Date: Sun, 18 Jun 2023 11:49:06 +0200
Subject: [PATCH] ninurta: Make backups

---
 nixos/ninurta/configuration.nix | 41 +++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index e205c7e..cc4cc61 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -77,6 +77,47 @@ in
     path = "/mnt/storage/backups";
   };
 
+  services.borgbackup.jobs."backup1.bs.dadada.li" = {
+    removableDevice = true;
+    paths = [
+      "/var/backup"
+      "/var/lib"
+      "/var/www"
+      "/home"
+    ];
+    exclude = [
+      "/home/*/.cache"
+      "/var/lib/machines"
+    ];
+    repo = "/mnt/storage/backups/${config.networking.hostName}";
+    doInit = true;
+    encryption = {
+      mode = "repokey";
+      passCommand = "cat ${config.age.secrets.ninurta-backup-passphrase.path}";
+    };
+    compression = "auto,lz4";
+    prune.keep = {
+      within = "1d"; # Keep all archives from the last day
+      daily = 7;
+      weekly = 2;
+      monthly = -1; # Keep at least one archive for each month
+      yearly = -1; # Keep at least one archive for each year
+    };
+    startAt = "daily";
+  };
+
+  services.postgresqlBackup = {
+    enable = true;
+    backupAll = true;
+    compression = "zstd";
+    location = "/var/backup/postgresql";
+  };
+
+  age.secrets."ninurta-backup-passphrase" = {
+    file = "${secretsPath}/ninurta-backup-passphrase.age";
+    mode = "400";
+  };
+
   age.secrets.${hydraGitHubAuth} = {
     file = "${secretsPath}/${hydraGitHubAuth}.age";
     mode = "440";