From 90170ba821d3a1de5c7f5702c3bd30b9fcf86910 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Moritz=20B=C3=B6hme?= <mail@moritzboeh.me>
Date: Wed, 14 May 2025 18:46:23 +0200
Subject: [PATCH] feat: add borgbackup for mail

---
 machines/moritz-server/mail-server.nix | 36 ++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/machines/moritz-server/mail-server.nix b/machines/moritz-server/mail-server.nix
index b8c7fb3..14d87cf 100644
--- a/machines/moritz-server/mail-server.nix
+++ b/machines/moritz-server/mail-server.nix
@@ -70,4 +70,40 @@
   };
   services.nginx.virtualHosts."webmail.moritz.foo".enableACME = false;
   services.nginx.virtualHosts."webmail.moritz.foo".useACMEHost = "any.moritz.foo";
+
+  services.borgbackup.jobs = {
+    mailDirectory = {
+      paths = config.mailserver.mailDirectory;
+      repo = "u461386-sub1@u461386.your-storagebox.de:mailDirectory";
+      doInit = true;
+      encryption = {
+        mode = "repokey";
+        passCommand = "cat ${config.clan.core.vars.generators.borg-mail-server.files.password.path}";
+      };
+      environment = {BORG_RSH = "ssh -i ${config.clan.core.vars.generators.borg-mail-server.files."ssh.id_ed25519".path} -p 23";};
+      compression = "auto,zstd";
+      startAt = "hourly";
+      persistentTimer = true;
+      prune.keep = {
+        within = "1d"; # Keep all archives from the last day
+        daily = 7;
+        weekly = 3;
+        monthly = 3;
+      };
+    };
+  };
+
+  clan.core.vars.generators.borg-mail-server = {
+    prompts.password.persist = true;
+
+    files."ssh.id_ed25519" = {};
+    files."ssh.id_ed25519.pub".secret = false;
+    runtimeInputs = [
+      pkgs.coreutils
+      pkgs.openssh
+    ];
+    script = ''
+      ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519
+    '';
+  };
 }