1 files changed, 36 insertions, 0 deletions

diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix
new file mode 100644
index 00000000..d338dfd6
--- /dev/null
+++ b/hosts/vidhar/borg/default.nix
@@ -0,0 +1,36 @@
+{ pkgs, lib, ... }:
+
+with lib;
+
+{
+  config = {
+    services.borgbackup.repos.borg = {
+      path = "/srv/backup/borg";
+      authorizedKeysAppendOnly = let
+        dir = ./authorized-keys;
+        toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
+      in filter (v: v != null) (lib.mapAttrsToList toAuthKey (builtins.readDir dir));
+    };
+
+    boot.postBootCommands = mkBefore ''
+      ${pkgs.findutils}/bin/find /srv/backup/borg -maxdepth 1 -type d -empty -delete
+    '';
+
+    services.openssh.extraConfig = ''
+      Match User borg
+        ClientAliveInterval 10
+        ClientAliveCountMax 30
+
+      Match All
+    '';
+
+    sops.secrets.borg-passphrase = {
+      sopsFile = ./passphrase.yaml;
+      format = "yaml";
+      key = "borg";
+      owner = "borg";
+      group = "borg";
+      mode = "0440";
+    };
+  };
+}