From 30ae0e09694f62d21ba88819041d1cc5e82916cf Mon Sep 17 00:00:00 2001
From: Daniel Flanagan <daniel@lyte.dev>
Date: Wed, 1 Nov 2023 13:01:56 -0500
Subject: [PATCH] DRY backups

---
 nixos/beefcake/default.nix | 55 +++++++++++++++++++-------------------
 1 file changed, 28 insertions(+), 27 deletions(-)

diff --git a/nixos/beefcake/default.nix b/nixos/beefcake/default.nix
index 00c5f57..9b4422b 100644
--- a/nixos/beefcake/default.nix
+++ b/nixos/beefcake/default.nix
@@ -607,49 +607,50 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
   # TODO: move previous backups over and put here
   # clickhouse and plausible analytics once they're up and running?
 
-  services.restic.backups = rec {
-    local = {
-      initialize = true;
+  services.restic.backups = let
+    defaults = {
       passwordFile = "/root/restic-localbackup-password";
       paths = [
         "/storage/files.lyte.dev"
         "/storage/daniel"
         "/storage/gitea" # TODO: should maybe use configuration.nix's services.gitea.dump ?
-        "/var/lib/bitwarden_rs" # does this need any sqlite preprocessing?
+        "/storage/postgres-backups"
+
         # https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault
         # specifically, https://github.com/dani-garcia/vaultwarden/wiki/Backing-up-your-vault#sqlite-database-files
-        # TODO: backup lidarr/radarr configs?
+        "/var/lib/bitwarden_rs" # does this need any sqlite preprocessing?
 
-        "/storage/postgres-backups"
+        # TODO: backup *arr configs?
       ];
+      initialize = true;
       exclude = [];
-      repository = "/storage/backups/local";
-    };
-    rascal = {
-      initialize = true;
-      extraOptions = [
-        "sftp.command='ssh beefcake@rascal -i /root/.ssh/id_ed25519 -s sftp'"
-      ];
-      passwordFile = local.passwordFile;
-      paths = local.paths;
-      repository = "sftp://beefcake@rascal://storage/backups/beefcake";
       timerConfig = {
         OnCalendar = "04:45";
       };
     };
+  in {
+    local =
+      defaults
+      // {
+        repository = "/storage/backups/local";
+      };
+    rascal =
+      defaults
+      // {
+        extraOptions = [
+          "sftp.command='ssh beefcake@rascal -i /root/.ssh/id_ed25519 -s sftp'"
+        ];
+        repository = "sftp://beefcake@rascal://storage/backups/beefcake";
+      };
     # TODO: add ruby?
-    benland = {
-      initialize = true;
-      extraOptions = [
-        "sftp.command='ssh daniel@n.benhaney.com -p 10022 -i /root/.ssh/id_ed25519 -s sftp'"
-      ];
-      passwordFile = local.passwordFile;
-      paths = local.paths;
-      repository = "sftp://daniel@n.benhaney.com://storage/backups/beefcake";
-      timerConfig = {
-        OnCalendar = "04:45";
+    benland =
+      defaults
+      // {
+        extraOptions = [
+          "sftp.command='ssh daniel@n.benhaney.com -p 10022 -i /root/.ssh/id_ed25519 -s sftp'"
+        ];
+        repository = "sftp://daniel@n.benhaney.com://storage/backups/beefcake";
       };
-    };
   };
 
   networking.firewall.allowedTCPPorts = [