From 56ca8bd17a1739cdd1f8199898b13750bdc5921a Mon Sep 17 00:00:00 2001
From: Nolan Darilek <nolan@thewordnerd.info>
Date: Fri, 18 Apr 2025 19:38:24 -0500
Subject: [PATCH] Get Restic backups working.

---
 roles/restic.nix | 48 +++++++++++++++++++++++++++---------------------
 1 file changed, 27 insertions(+), 21 deletions(-)

diff --git a/roles/restic.nix b/roles/restic.nix
index 8ea4abe..f5f435d 100644
--- a/roles/restic.nix
+++ b/roles/restic.nix
@@ -1,32 +1,38 @@
 { config, pkgs, ... }:
 
 {
-  services.restic.backups.home = {
-    paths = [ "/home/.zfs/snapshot/restic" ];
+  services.restic.backups.system = {
+    paths = [
+      "/home/.zfs/snapshot/restic"
+      "/var/.zfs/snapshot/restic"
+    ];
     repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
     environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
     passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
     initialize = true;
-    backupPrepareCommand = "${pkgs.zfs}/bin/zfs snapshot zpool/home@restic";
-    backupCleanupCommand = "${pkgs.zfs}/bin/zfs destroy zpool/home@restic";
-    timerConfig = {
-      OnCalendar = "hourly";
-      Persistent = true;
-    };
-  };
-  services.restic.backups.var = {
-    paths = [ "/var/.zfs/snapshot/restic" ];
-    repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
-    environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
-    passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
-    initialize = true;
-    backupPrepareCommand = "${pkgs.zfs}/bin/zfs snapshot zpool/var@restic";
-    backupCleanupCommand = "${pkgs.zfs}/bin/zfs destroy zpool/var@restic";
-    timerConfig = {
-      OnCalendar = "hourly";
-      Persistent = true;
-    };
+    backupPrepareCommand = ''
+      #!${pkgs.bash}/bin/sh
+      ${pkgs.zfs}/bin/zfs snapshot zpool/home@restic
+      ${pkgs.zfs}/bin/zfs snapshot zpool/var@restic
+    '';
+    backupCleanupCommand = ''
+      #!${pkgs.bash}/bin/sh
+      ${pkgs.zfs}/bin/zfs destroy zpool/home@restic
+      ${pkgs.zfs}/bin/zfs destroy zpool/var@restic
+    '';
+    timerConfig.OnCalendar = "hourly";
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 5"
+      "--keep-monthly 12"
+      "--keep-yearly 2"
+    ];
   };
+
+  systemd.tmpfiles.rules = [
+    "d /mnt/restic 0700 root root"
+  ];
+
   age.secrets."restic_b2_${config.networking.hostName}".file =
     ../secrets/restic_b2_${config.networking.hostName}.age;
   age.secrets."restic_password_${config.networking.hostName}".file =