nixy/borgbackup: add service

nixy/configuration.nix

@@ -26,6 +26,16 @@
     sopsFile = ./secrets/wg_privkey.yaml;
   };
 
+  sops.secrets."borgbase_enc_key" = {
+    sopsFile = ./secrets/borgbase_enc_key.yaml;
+    owner = config.users.users.akill.name;
+  };
+
+  sops.secrets."borgbase_ssh_key" = {
+    sopsFile = ./secrets/borgbase_ssh_key.yaml;
+    owner = config.users.users.akill.name;
+  };
+
   nix = {
     optimise.automatic = true;
     gc.automatic = true;
@@ -286,6 +296,34 @@
       };
     };
 
+    borgbackup.jobs."borgbase" = let
+      user = config.users.users.akill;
+      home = user.home;
+    in {
+      user = user.name;
+      paths = [
+        (home + "/pic/priv")
+        (home + "/pproj")
+        (home + "/videos/priv")
+      ];
+      exclude = [
+        "**/.ccls_cache"
+        "**/*.d"
+        "**/*.map"
+        "**/*.o"
+        "**/zig-cache"
+        "**/zig-out"
+      ];
+      repo = "ssh://oda929rv@oda929rv.repo.borgbase.com/./repo";
+      encryption = {
+        mode = "repokey-blake2";
+        passCommand = "${pkgs.coreutils-full}/bin/cat ${config.sops.secrets."borgbase_enc_key".path}";
+      };
+      environment.BORG_RSH = "${pkgs.openssh}/bin/ssh -i ${config.sops.secrets."borgbase_ssh_key".path}";
+      compression = "auto,zstd";
+      startAt = "daily";
+    };
+
     nix-serve = {
       enable = false;
       secretKeyFile = "/var/cache-priv-key.pem";