hosts/plover: add application data for backup

hosts/plover/default.nix

@@ -343,39 +343,68 @@ in
 
   # Of course, what is a server without a backup? A professionally-handled
   # production system so we can act like one.
-  services.borgbackup.jobs.host-backup = let
+  services.borgbackup.jobs =
-    patterns = [
+    let
-      config.sops.secrets."plover/borg/patterns/keys".path
+      jobCommonSettings = { patternFiles ? [ ], patterns ? [ ], paths ? [ ] }: {
-    ];
+        inherit paths;
-  in {
+        compression = "zstd,11";
-    compression = "zstd,11";
+        dateFormat = "+%F-%H-%M-%S-%z";
-    dateFormat = "+%F-%H-%M-%S-%z";
+        doInit = true;
-    doInit = true;
+        encryption = {
-    encryption = {
+          mode = "repokey-blake2";
-      mode = "repokey-blake2";
+          passCommand = "cat ${config.sops.secrets."plover/borg/password".path}";
-      passCommand = "cat ${config.sops.secrets."plover/borg/password".path}";
+        };
-    };
+        extraCreateArgs =
-    extraCreateArgs = lib.concatStringsSep " "
+          let
-      (builtins.map (patternFile: "--patterns-from ${patternFile}") patterns);
+            args = [
-    extraInitArgs = "--make-parent-dirs";
+              (lib.concatStringsSep " "
-    # We're setting it since it is required plus we're replacing all of them
+                (builtins.map (patternFile: "--patterns-from ${lib.escapeShellArg patternFile}") patternFiles))
-    # with patterns anyways.
+              (lib.concatStringsSep " "
-    paths = [];
+                (builtins.map (pattern: "--pattern ${lib.escapeShellArg pattern}") patterns))
-    persistentTimer = true;
+            ];
-    preHook = ''
+          in
-      extraCreateArgs="$extraCreateArgs --stats"
+          lib.concatStringsSep " " args;
-    '';
+        extraInitArgs = "--make-parent-dirs";
-    prune = {
+        # We're setting it since it is required plus we're replacing all of them
-      keep = {
+        # with patterns anyways.
-        weekly = 4;
+        persistentTimer = true;
-        monthly = 12;
+        preHook = ''
-        yearly = 6;
+          extraCreateArgs="$extraCreateArgs --stats"
+        '';
+        prune.keep = {
+          weekly = 4;
+          monthly = 12;
+          yearly = 6;
+        };
+        repo = "cr6pf13r@cr6pf13r.repo.borgbase.com:repo";
+        startAt = "monthly";
+        environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/ssh-key".path}";
       };
+    in
+    {
+      # Backup for host-specific files. They don't change much so it is
+      # acceptable for it to be backed up monthly.
+      host-backup = jobCommonSettings {
+        patternFiles = [
+          config.sops.secrets."plover/borg/patterns/keys".path
+        ];
+      };
+
+      # Backups for various services.
+      services-backup = jobCommonSettings
+        {
+          paths = [
+            # Vaultwarden
+            "/var/lib/bitwarden_rs"
+
+            # Gitea
+            config.services.gitea.dump.backupDir
+
+            # PostgreSQL database dumps
+            config.services.postgresqlBackup.location
+          ];
+        } // { startAt = "weekly"; };
     };
-    repo = "cr6pf13r@cr6pf13r.repo.borgbase.com:repo";
-    startAt = "monthly";
-    environment.BORG_RSH = "ssh -i ${config.sops.secrets."plover/ssh-key".path}";
-  };
 
   programs.ssh.extraConfig = ''
     Host *.repo.borgbase.com