{
  pkgs,
  config,
  lib,
  ...
}:
with lib;
let
  borgJob = name: {
    environment = {
      BORG_RSH = "ssh -i ${config.sops.secrets.gitea_backup_ssh_key.path}";
    };
    repo = "ssh://zh2088@zh2088.rsync.net/./backups/forgejo/${name}";
    compression = "zstd,10";
    startAt = "*-*-* 2,6,10,14,18,22:30:00";
    extraInitArgs = "--make-parent-dirs";
    archiveBaseName = name;

    encryption = {
      mode = "repokey-blake2";
      passCommand = "cat ${config.sops.secrets.gitea_backup_pass.path}";
    };

    prune = {
      keep = {
        within = "1d";
        daily = 7;
        weekly = 4;
        monthly = -1;
      };
    };
  };
in
{
  services = {
    borgbackup.jobs = {
      repos = borgJob "forgejo" // {
        paths = [ "/var/lib/forgejo/dump" ];
      };
    };
  };

  environment.systemPackages = [ pkgs.borgbackup ];
}