1 files changed, 31 insertions, 1 deletions

diff --git a/modules/by-name/ba/backup/module.nix b/modules/by-name/ba/backup/module.nix
index eb7fedf0..7a788764 100644
--- a/modules/by-name/ba/backup/module.nix
+++ b/modules/by-name/ba/backup/module.nix
@@ -11,6 +11,7 @@
   lib,
   config,
   pkgs,
+  libraries,
   ...
 }: let
   cfg = config.soispha.services.backup;
@@ -18,6 +19,8 @@
   snapshotDir = "/srv/last_snapshot";
 in {
   options.soispha.services.backup = {
+    enable = libraries.base.options.mkEnable "backups via restic";
+
     storagebox = {
       enable = lib.mkEnableOption "remote backups";
       user = lib.mkOption {
@@ -56,7 +59,16 @@ in {
     };
   };
 
-  config = {
+  config = lib.mkIf cfg.enable {
+    soispha.impermanence.directories = lib.mkMerge [
+      (lib.mkIf cfg.storagebox.enable [
+        "/var/cache/restic-backups-storagebox"
+      ])
+      (lib.mkIf cfg.local.enable [
+        "/var/cache/restic-backups-local"
+      ])
+    ];
+
     age.secrets = {
       resticStorageboxSshKey = lib.mkIf cfg.storagebox.enable {
         file = cfg.storagebox.sshKey;
@@ -184,6 +196,24 @@ in {
           Persistent = true;
         };
       };
+
+      # This is only for listing, pruning and such stuff.
+      storagebox-admin = lib.mkIf cfg.storagebox.enable {
+        inhibitsSleep = false;
+        initialize = false;
+
+        passwordFile = config.age.secrets.resticStorageboxRepositoryPassword.path;
+        extraOptions = [
+          "rclone.program='ssh -p 23 ${cfg.storagebox.user}@${cfg.storagebox.user}.your-storagebox.de command_forced_on_remote'"
+        ];
+
+        # This setting is normally passed to rclone, but we force
+        # the command on the remote.
+        # As such, the value does not matter and must only be parseable by restic.
+        repository = "rclone: ";
+
+        timerConfig = null;
+      };
     };
   };
 }