{ pkgs, config, ... }:
let
  borgJob = name: {
    environment = {
      BORG_RSH = "ssh -i ${config.sops.secrets.miniflux-backup-ssh-key.path}";
    };
    repo = "ssh://zh2088@zh2088.rsync.net/./backups/read/${name}";
    compression = "zstd,10";
    startAt = "*-*-* 2:30:00";
    extraInitArgs = "--make-parent-dirs";
    archiveBaseName = name;

    encryption = {
      mode = "repokey-blake2";
      passCommand = "cat ${config.sops.secrets.miniflux-backup-pass.path}";
    };

    prune = {
      keep = {
        within = "1d";
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
    };
  };
in
{
  services = {
    borgbackup.jobs = {
      postgresql = borgJob "postgresql" // {
        paths = [ "/var/backup/postgresql" ];
      };
    };
    postgresqlBackup = {
      enable = true;
      backupAll = true;

      # borg will do compression and deduplication
      compression = "none";

      startAt = "*-*-* 02:00:00";
    };
  };

  environment.systemPackages = [ pkgs.borgbackup ];

}