{ config, pkgs, ... }:
let
  restic-local = pkgs.writeShellScriptBin "restic-local" ''
    export RESTIC_REPOSITORY="/data/backups/${config.networking.hostName}"
    export RESTIC_PASSWORD_FILE="${config.age.secrets.restic-local-pw.path}"
    exec ${pkgs.restic}/bin/restic "$@"
  '';
in
{
  age = {
    secrets = {
      restic-local-pw = {
        file = ../secrets/restic-pw.age;
      };
      nas-client = {
        file = ../secrets/nas_client.age;
      };
    };
  };

  boot.kernelModules = [
    "cifs"
    "cmac"
    "sha256"
  ];

  environment.systemPackages = [
    pkgs.cifs-utils
    pkgs.restic
    restic-local
  ];

  systemd.mounts = [
    {
      description = "Mount for NAS volume";
      what = "//192.168.1.68/backups";
      where = "/data/backups/";
      unitConfig = {
        Type = "cifs";
      };
      type = "cifs";
      options = "credentials=${config.age.secrets.nas-client.path},uid=1000,gid=1000,rw";
    }
  ];
  systemd.automounts = [
    {
      description = "Automount for NAS volume backups";
      where = "/data/backups";
      wantedBy = [ "multi-user.target" ];
    }
  ];

  services.restic = {
    backups = {
      local = {
        paths = [ ];
        passwordFile = config.age.secrets.restic-local-pw.path;
        repository = "/data/backups/${config.networking.hostName}";
        initialize = true;
        timerConfig.OnCalendar = "*-*-* *:00:00";
        timerConfig.RandomizedDelaySec = "5m";
        extraBackupArgs = [ ];
      };
    };
  };
}