From 948e70c78372ccfbf468bcc9751b7ce30c40cba7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20R=C3=B6ger?= <jonas.roeger@tu-dortmund.de>
Date: Wed, 17 Apr 2024 23:41:29 +0200
Subject: [PATCH] 33 current  2024-04-17 23:41:19  23.11.20240405.72da83d 
 6.1.84                          *

---
 home/jonas/borg.nix                   | 96 +++++++++++++++++++++++++++
 home/jonas/home.nix                   |  8 +++
 hosts/comfy-station/configuration.nix |  1 +
 secrets/jonas/borg.yaml               | 22 ++++++
 4 files changed, 127 insertions(+)
 create mode 100644 home/jonas/borg.nix
 create mode 100644 secrets/jonas/borg.yaml

diff --git a/home/jonas/borg.nix b/home/jonas/borg.nix
new file mode 100644
index 0000000..f688df5
--- /dev/null
+++ b/home/jonas/borg.nix
@@ -0,0 +1,96 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  defaultChecks = [
+    {
+      name = "repository";
+      frequency = "2 weeks";
+    }
+    {
+      name = "archives";
+      frequency = "4 weeks";
+    }
+    {
+      name = "data";
+      frequency = "6 weeks";
+    }
+    {
+      name = "extract";
+      frequency = "6 weeks";
+    }
+  ];
+  passwordFile = "${config.home.homeDirectory}/.config/borg/password";
+  encCmd = ''cat ${passwordFile}'';
+  repo = "ssh://borg.jroeger.de/comfy-station";
+in {
+  sops.secrets = {
+    "borg/password" = {
+      sopsFile = ../../secrets/jonas/borg.yaml;
+      key = "password";
+      path = passwordFile;
+    };
+  };
+
+  programs.borgmatic.enable = true;
+  programs.borgmatic.backups = {
+    workspaces = {
+      location = {
+        sourceDirectories = ["${config.xdg.userDirs.extraConfig.XDG_WORKSPACES_DIR}"];
+        repositories = [repo];
+        excludeHomeManagerSymlinks = true;
+      };
+      retention = {
+        keepDaily = 7;
+        keepHourly = 12;
+        keepWeekly = 4;
+        keepMonthly = 6;
+      };
+      storage = {
+        encryptionPasscommand = encCmd;
+      };
+      consistency.checks = defaultChecks;
+    };
+    media = {
+      location = {
+        sourceDirectories = [
+          "${config.xdg.userDirs.documents}"
+          "${config.xdg.userDirs.music}"
+          "${config.xdg.userDirs.pictures}"
+          "${config.xdg.userDirs.videos}"
+        ];
+        repositories = [repo];
+        excludeHomeManagerSymlinks = true;
+      };
+      retention = {
+        keepDaily = 7;
+        keepWeekly = 2;
+        keepMonthly = 6;
+      };
+      storage = {
+        encryptionPasscommand = encCmd;
+      };
+      consistency.checks = defaultChecks;
+    };
+    var = {
+      location = {
+        sourceDirectories = [
+          "${config.xdg.userDirs.desktop}"
+          "${config.xdg.userDirs.download}"
+        ];
+        repositories = [repo];
+        excludeHomeManagerSymlinks = true;
+      };
+      retention = {
+        keepDaily = 7;
+        keepWeekly = 2;
+        keepMonthly = 6;
+      };
+      storage = {
+        encryptionPasscommand = encCmd;
+      };
+      consistency.checks = defaultChecks;
+    };
+  };
+}
diff --git a/home/jonas/home.nix b/home/jonas/home.nix
index 913d75b..ce9d8bd 100644
--- a/home/jonas/home.nix
+++ b/home/jonas/home.nix
@@ -4,6 +4,7 @@
   ...
 }: rec {
   imports = [
+    ./borg.nix
     ./firefox.nix
     ./plasma.nix
     ./ssh.nix
@@ -30,6 +31,13 @@
       "x-scheme-handler/unknown" = "firefox.desktop";
     };
   };
+  xdg.userDirs.enable = true;
+  xdg.userDirs.createDirectories = true;
+  xdg.userDirs.extraConfig = {
+    XDG_WORKSPACES_DIR = "${config.home.homeDirectory}/Workspaces";
+    XDG_NEXTCLOUD_DIR = "${config.home.homeDirectory}/Nextcloud";
+    XDG_NOTES_DIR = "${config.home.homeDirectory}/Notes";
+  };
 
   # This value determines the Home Manager release that your configuration is
   # compatible with. This helps avoid breakage when a new Home Manager release
diff --git a/hosts/comfy-station/configuration.nix b/hosts/comfy-station/configuration.nix
index f054ac1..4e789f0 100644
--- a/hosts/comfy-station/configuration.nix
+++ b/hosts/comfy-station/configuration.nix
@@ -51,6 +51,7 @@
     age
     alejandra
     borgbackup
+    borgmatic
     docker
     git
     ranger
diff --git a/secrets/jonas/borg.yaml b/secrets/jonas/borg.yaml
new file mode 100644
index 0000000..45a1d22
--- /dev/null
+++ b/secrets/jonas/borg.yaml
@@ -0,0 +1,22 @@
+repo: ENC[AES256_GCM,data:iKiwwVmH0gZw0tp/MsJQWF6TGyFMc78Hs8h1Fnqz6CqfA8s=,iv:qTNERPdDipOrXefWqk9SKstVpsbgdXVUNtukSwmJ2r8=,tag:ojgzc9XKwq+4tRmFGq06Lg==,type:str]
+password: ENC[AES256_GCM,data:LnS0rAH30QfUukWnbP+xO49vVA==,iv:GCpxdZXtFGAsG6S/mw6s1aKUFa/v6Rt30crKIxLmv80=,tag:g4EcylWvtFZH0j1+uRnQEw==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1expg8vyduf290pz7l4f3mjzvk9f0azfdn48pyjzs3m6p7v4qjq0qwtn36z
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdXVISjczNFVHTW13WjFl
+            UjloRWU2clNBZk1zUlZyVklnb1AzUTBLaXdvClZCM1NybnNjQ3N1TGRVczJKTXFE
+            N3g5QmhxOCtZa3c5b2dGbnFVcVk5V3MKLS0tIGhocDQ4NWtOSTMyK3BxUlJqWHNG
+            OUFzQlZQWGQ5NXBCSWV3M0VYVk0raFEKMsWSxV4cmuRWvGswc7qwcFUcZxAB6YWg
+            55dc1Sj6AAhr17egQPQzEC72Mls5yZVN1ow0xPI2d13l1l7Q8Drq9Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-04-17T21:24:51Z"
+    mac: ENC[AES256_GCM,data:zSKO+eHwTv93fLlJa20Me57jv5hcWfDHnzcPaHrlZdb1Sdavf1ledaepPMifQO4hww5SzS6Uptuhkk9n+PSFrOt97jhzMB80aDmYZc5c0RR28fGu0onB4qEccSzCd9wR27JSgCyUnYAS1i3JtOp0pszs+PwQaX2NQPmH/HhhFXQ=,iv:grXkUh3VNE9zunXttKZ+2Mqjk4D7qnUIPUV/o6glHpI=,tag:4ECbvVPCz87D78y98r8Qmw==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1