{ pkgs, lib, ... }:

with lib;

{
  config = {
    services.borgbackup.repos.jotnar = {
      path = "/srv/backup/borg/jotnar";
      authorizedKeysAppendOnly = let
        dir = ./jotnar;
        toAuthKey = fname: ftype: if ftype != "regular" || !(hasSuffix ".pub" fname) then null else builtins.readFile (dir + "/${fname}");
      in filter (v: v != null) (lib.mapAttrsToList toAuthKey (builtins.readDir dir));
    };

    boot.postBootCommands = mkBefore ''
      ${pkgs.findutils}/bin/find /srv/backup/borg -type d -empty -delete
    '';

    users.users.borg.extraGroups = ["ssh"];

    services.openssh.extraConfig = ''
      Match User borg
        ClientAliveInterval 10
        ClientAliveCountMax 30

      Match All
    '';
  };
}