6 files changed, 46 insertions, 2 deletions

diff --git a/hosts/aptos/default.nix b/hosts/aptos/default.nix
index 5887d46..04d45ee 100644
--- a/hosts/aptos/default.nix
+++ b/hosts/aptos/default.nix
@@ -7,6 +7,7 @@
     ./networking.nix
     ./profile.nix
     ./home.nix
+    ./services.nix
   ];
 
   virtualisation.docker = { enable = true; };
diff --git a/hosts/aptos/secrets/restic/repo-users.age b/hosts/aptos/secrets/restic/repo-users.age
new file mode 100644
index 0000000..59c435a
--- /dev/null
+++ b/hosts/aptos/secrets/restic/repo-users.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 dtgBNg 5MAt41NmpX7UB+6zxI8NHrXpjvsn0iiEaUDwgt4RWDQ
+40RuB49FnH8WkPptwfiC4Es5b8JkI5PT6eau0f2wtOI
+-> ssh-ed25519 +LF+iw kchufYdtZ4Zp3fT58mFxbe033PLCPHXvMBwdR+xTTFM
+Kya9nVBHiVuDD5DJPQfsl3c5V64uCJb2nbPhWfbFqnA
+-> '-grease a3~x=^
+bn2D2ZS3fW4a42Au7J95HAQPE9IBGOULmNKH6XFWKNi+BzWiG3yo37MOog
+--- jvVR43MbkXMwylmHM3IrKwGjfnL8TdnWRoIrUergBC4
+Us9��������'��`}�m�)N��=~/�}��TDQM�u������v$�
\ No newline at end of file
diff --git a/hosts/aptos/secrets/secrets.nix b/hosts/aptos/secrets/secrets.nix
index 425a15f..05e9662 100644
--- a/hosts/aptos/secrets/secrets.nix
+++ b/hosts/aptos/secrets/secrets.nix
@@ -15,4 +15,9 @@ in {
     publicKeys = [ fcuny aptos ];
     owner = "fcuny";
   };
+
+  "restic/repo-users.age" = {
+    publicKeys = [ fcuny aptos ];
+    owner = "fcuny";
+  };
 }
diff --git a/hosts/aptos/services.nix b/hosts/aptos/services.nix
new file mode 100644
index 0000000..a2210e2
--- /dev/null
+++ b/hosts/aptos/services.nix
@@ -0,0 +1,19 @@
+{ config, ... }:
+let secrets = config.age.secrets;
+in {
+  my.services = {
+    backup = {
+      enable = true;
+      user = "fcuny";
+      repository = "sftp:192.168.0.107:/data/slow/backups/users/fcuny";
+      exclude = [
+        "/home/fcuny/.cache"
+        "/home/fcuny/downloads"
+        "/home/fcuny/workspace/linux.git"
+      ];
+      timerConfig = { OnCalendar = "06:30"; };
+      passwordFile = secrets."restic/repo-users".path;
+      paths = [ "/home/fcuny" ];
+    };
+  };
+}
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 7de94f6..9bd7162 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -43,7 +43,8 @@ in {
       repository = "/data/slow/backups/systems";
       timerConfig = { OnCalendar = "00:15"; };
       passwordFile = secrets."restic/repo-systems".path;
-      paths = [ "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
+      paths =
+        [ "/home" "/data/fast/music" "/data/fast/photos" "/data/fast/videos" ];
     };
   };
 }
diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix
index aefd383..2db1aa8 100644
--- a/modules/services/backup/default.nix
+++ b/modules/services/backup/default.nix
@@ -67,6 +67,15 @@ in {
         When to run the backup. See man systemd.timer for details.
       '';
     };
+
+    user = mkOption {
+      type = types.str;
+      default = "root";
+      description = ''
+        As which user the backup should run.
+      '';
+      example = "postgresql";
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -76,7 +85,7 @@ in {
       extraBackupArgs = [ "--verbose=2" ];
       # Take care of creating the repository if it doesn't exist
       initialize = true;
-      inherit (cfg) passwordFile pruneOpts timerConfig repository;
+      inherit (cfg) passwordFile pruneOpts timerConfig repository user;
     };
   };
 }