feat: add borgbackup for mail

machines/moritz-server/mail-server.nix

@@ -70,4 +70,40 @@
   };
   services.nginx.virtualHosts."webmail.moritz.foo".enableACME = false;
   services.nginx.virtualHosts."webmail.moritz.foo".useACMEHost = "any.moritz.foo";
+
+  services.borgbackup.jobs = {
+    mailDirectory = {
+      paths = config.mailserver.mailDirectory;
+      repo = "u461386-sub1@u461386.your-storagebox.de:mailDirectory";
+      doInit = true;
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat ${config.clan.core.vars.generators.borg-mail-server.files.password.path}";
+      };
+      environment = {BORG_RSH = "ssh -i ${config.clan.core.vars.generators.borg-mail-server.files."ssh.id_ed25519".path} -p 23";};
+      compression = "auto,zstd";
+      startAt = "hourly";
+      persistentTimer = true;
+      prune.keep = {
+        within = "1d"; # Keep all archives from the last day
+        daily = 7;
+        weekly = 3;
+        monthly = 3;
+      };
+    };
+  };
+
+  clan.core.vars.generators.borg-mail-server = {
+    prompts.password.persist = true;
+
+    files."ssh.id_ed25519" = {};
+    files."ssh.id_ed25519.pub".secret = false;
+    runtimeInputs = [
+      pkgs.coreutils
+      pkgs.openssh
+    ];
+    script = ''
+      ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519
+    '';
+  };
 }