From 7de23d3b047965aa47da2b6ee681b4d120ec8f98 Mon Sep 17 00:00:00 2001
From: lightly-toasted <tooast@duck.com>
Date: Sat, 1 Nov 2025 16:34:34 +0900
Subject: [PATCH] feat(vps): add restic

---
 hosts/vps/modules/services/default.nix |  1 +
 hosts/vps/modules/services/restic.nix  | 32 ++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
 create mode 100644 hosts/vps/modules/services/restic.nix

diff --git a/hosts/vps/modules/services/default.nix b/hosts/vps/modules/services/default.nix
index 53755a6..b0ce7a6 100644
--- a/hosts/vps/modules/services/default.nix
+++ b/hosts/vps/modules/services/default.nix
@@ -7,5 +7,6 @@
     ./caddy.nix
     ./forgejo.nix
     ./trilium-server.nix
+    ./restic.nix
   ];
 }
diff --git a/hosts/vps/modules/services/restic.nix b/hosts/vps/modules/services/restic.nix
new file mode 100644
index 0000000..b6d6145
--- /dev/null
+++ b/hosts/vps/modules/services/restic.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+
+{
+  sops.secrets = {
+    "restic/password" = {};
+    "restic/env" = {};
+  };
+
+  services.restic.backups.b2 = {
+    initialize = true;
+    inhibitsSleep = true;
+    passwordFile = config.sops.secrets."restic/password".path;
+    paths = [
+      "/var/lib/zipline"
+      "/var/lib/postgresql"
+      "/var/lib/forgejo"
+      "/var/lib/trilium"
+      "/var/lib/bitwarden_rs"
+    ];
+    repository = "s3:https://s3.us-east-005.backblazeb2.com/restic-backups-vps";
+    environmentFile = config.sops.secrets."restic/env".path;
+    pruneOpts = [
+      "--keep-daily 7"
+      "--keep-weekly 3"
+      "--keep-monthly 3"
+    ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+  };
+}