{ config, pkgs, lib, ... }:
{
  services.borgbackup.jobs =
    let
      borgJob = name: {
        environment.BORG_RSH = "ssh -i /root/.ssh/fealsyn1";
        environment.BORG_REMOTE_PATH = "/usr/local/bin/borg";
        repo = "ssh://backup@feal-syn1.home.feal.no/volume2/backup/borg/defiant/${name}";
        compression = "auto,zstd";
      };
    in {
      postgresDaily = borgJob "postgres::daily" // {
        paths = "/data/backup/postgresql";
        startAt = "*-*-* 05:15:00"; # 2 hours after postgresqlBackup
        extraInitArgs = "--storage-quota 10G";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
        };
      };

      postgresWeekly = borgJob "postgres::weekly" // {
        paths = "/data/backup/postgresql";
        startAt = "Mon *-*-* 05:15:00"; # 2 hours after postgresqlBackup
        extraInitArgs = "--storage-quota 10G";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "cat ${config.sops.secrets."borg/postgres".path}";
        };
      };

      gitea = borgJob "gitea::weekly" // {
        paths = "/tank/services/gitea";
        startAt = "Mon *-*-* 05:15:00";
        extraInitArgs = "--storage-quota 20G";
        encryption = {
          mode = "repokey-blake2";
          passCommand = "cat ${config.sops.secrets."borg/gitea".path}";
        };
      };

      minecraft = borgJob "minecraft::weekly" // {
        paths = "/var/lib/minecraft-wack";
        startAt = "weekly";
        extraInitArgs = "--storage-quota 20G";
        encryption.mode = "none";

        preHook = ''
          ${pkgs.mcrcon}/bin/mcrcon -p wack "say Starting Backup" "save-off" "save-all"
        '';

        postHook = ''
          ${pkgs.mcrcon}/bin/mcrcon -p wack "save-all" "say Completed Backup" "save-on" "save-all"
        '';
      };

    };

  # TODO: Matrix (keys,media,db), home-assistant, pihole, vaultwarden
  sops.secrets."borg/postgres" = { };
  sops.secrets."borg/gitea" = { };
}