{ config, pkgs, ... }: { age.secrets."borg/passphrase" = { file = ../../../../secrets/thinkpad/borg/passphrase.age; owner = "rouven"; }; environment.systemPackages = [ pkgs.borgbackup ]; services.borgmatic = { enable = true; settings = { source_directories = [ "/var/lib" "/var/log" "/nix/persist" "/home" "/etc/secureboot" ]; repositories = [ { label = "nuc"; path = "ssh://root@192.168.42.2/mnt/backup/thinkpad"; } ]; exclude_patterns = [ "/home/*/.cache" "/home/*/.zcomp*" "/home/*/.zcomp*" "/home/*/.gradle*" "/home/*/.java*" "/home/*/.m2*" "/home/*/.wine*" "/home/*/.mypy_cache*" "/home/*/.local/share" # contains very big files that don't need to clutter up the backup # if I ever happen to have important data in virtual machines, this can be reconsidered "/var/lib/libvirt" ]; encryption_passcommand = "${pkgs.coreutils}/bin/cat ${config.age.secrets."borg/passphrase".path}"; compression = "lz4"; keep_daily = 7; keep_weekly = 4; keep_monthly = 12; keep_yearly = 3; }; }; }