{ config, pkgs, ... }:

{
  services.restic.backups.system = {
    paths = [
      "/home/.zfs/snapshot/restic"
      "/var/.zfs/snapshot/restic"
    ];
    repository = "s3:s3.us-west-001.backblazeb2.com/nolans-nixos-backups/${config.networking.hostName}";
    environmentFile = config.age.secrets."restic_b2_${config.networking.hostName}".path;
    passwordFile = config.age.secrets."restic_password_${config.networking.hostName}".path;
    initialize = true;
    backupPrepareCommand = ''
      #!${pkgs.bash}/bin/sh
      ${pkgs.zfs}/bin/zfs snapshot zpool/home@restic
      ${pkgs.zfs}/bin/zfs snapshot zpool/var@restic
    '';
    backupCleanupCommand = ''
      #!${pkgs.bash}/bin/sh
      ${pkgs.zfs}/bin/zfs destroy zpool/home@restic
      ${pkgs.zfs}/bin/zfs destroy zpool/var@restic
    '';
    timerConfig.OnCalendar = "hourly";
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 5"
      "--keep-monthly 12"
      "--keep-yearly 2"
    ];
  };

  systemd.tmpfiles.rules = [
    "d /mnt/restic 0700 root root"
  ];

  age.secrets."restic_b2_${config.networking.hostName}".file =
    ../secrets/restic_b2_${config.networking.hostName}.age;
  age.secrets."restic_password_${config.networking.hostName}".file =
    ../secrets/restic_password_${config.networking.hostName}.age;
}