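# NixOS module: a thin wrapper around services.borgbackup that defines a single
# encrypted, pruned, nightly borg job from a handful of options.
{ config, lib, ... }:

with lib;

let
  cfg = config.modules.services.backup;
in
{
  options.modules.services.backup = {
    enable = mkEnableOption "borg-based backup solution";

    name = lib.mkOption {
      type = lib.types.str;
      default = "${config.networking.hostName}-rolling";
      description = ''
        Name of the backup job
      '';
    };

    paths = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      description = ''
        Paths to back up
      '';
    };

    exclude = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
      description = ''
        Paths to exclude
      '';
    };

    repo = lib.mkOption {
      type = lib.types.str;
      description = ''
        Path to the repository to back up to
      '';
    };

    # Both key options are plain strings: only the path text is embedded in the
    # generated configuration and the file is read when the job runs. Set them
    # to a string path of a secret provisioned at runtime; interpolating a Nix
    # path literal ("${./key}") would copy the secret into the world-readable
    # Nix store.
    repoKeyPath = lib.mkOption {
      type = lib.types.str;
      description = ''
        Path to the repository key
      '';
    };

    sshKeyPath = lib.mkOption {
      type = lib.types.str;
      description = ''
        Path to the ssh key
      '';
    };

    rsyncNet = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = ''
        Whether to enable rsync.net specific patches
      '';
    };
  };

  config = mkIf cfg.enable {
    services.borgbackup.jobs.${cfg.name} = {
      inherit (cfg) paths exclude repo;

      prune.keep = {
        # Keep all archives from the last day
        within = "1d";
        daily = 7;
        weekly = 4;
        monthly = 3;
      };

      encryption.mode = "repokey-blake2";

      # The passphrase is read from a file at run time so it never appears in
      # the configuration. The path is quoted because this string is split
      # into words when executed: an unquoted path containing whitespace would
      # turn into several arguments to cat.
      encryption.passCommand = "cat ${lib.escapeShellArg cfg.repoKeyPath}";

      # Same quoting for the identity file: without it, a path containing
      # whitespace would be parsed as additional ssh arguments.
      environment.BORG_RSH = "ssh -i ${lib.escapeShellArg cfg.sshKeyPath}";

      # use borg 1.0+ on rsync.net
      environment.BORG_REMOTE_PATH = lib.mkIf cfg.rsyncNet "/usr/local/bin/borg1/borg1";

      extraCreateArgs = "--verbose --stats --checkpoint-interval 600";
      compression = "auto,zstd";

      # pgsql backup runs on 01:15:00
      startAt = "*-*-* 03:00:00";
      persistentTimer = true;
    };
  };
}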