{ config, lib, ... }:

let
  cfg = config.crans.resticClient;

  inherit (lib)
    mkEnableOption
    mkIf
    mkOption
    types
    ;
in

{
  options.crans.resticClient = {
    enable = mkEnableOption "Configuration générale pour le client restic.";

    additionalPaths = mkOption {
      type = types.listOf types.path;
      default = [ ];
      example = [ "/backup" ];
      description = "Chemins à backuper en plus de ceux par défaut.";
    };

    additionalExcludes = mkOption {
      type = types.listOf types.path;
      default = [ ];
      example = [ "/var/lib/<service>/cache" ];
      description = "Chemins à exclure des backups en plus de ceux par défaut.";
    };

    when = mkOption {
      type = types.str;
      example = "05:42";
      description = "À quelle heure faire les backups.";
    };
  };

  config = mkIf cfg.enable {
    age.secrets = {
      restic-base-env.file = ../../secrets/restic/client_env.age;
      restic-base-repo.file = ../../secrets/restic/${config.networking.hostName}/base-repo.age;
      restic-base-password.file = ../../secrets/restic/${config.networking.hostName}/base-password.age;
    };

    services.restic.backups = {
      base = {
        initialize = true;
        passwordFile = config.age.secrets.restic-base-password.path;
        repositoryFile = config.age.secrets.restic-base-repo.path;
        environmentFile = config.age.secrets.restic-base-env.path;
        paths = [
          "/etc"
          "/var"
        ] ++ cfg.additionalPaths;
        exclude = [
          "/var/cache"
          "/var/lib/lxcfs"
        ] ++ cfg.additionalExcludes;
        timerConfig = {
          OnCalendar = cfg.when;
          RandomizedDelaySec = "6h";
        };
        pruneOpts = [
          "--keep-daily 2"
          "--keep-weekly 2"
          "--keep-monthly 2"
          "--keep-yearly 1"
        ];
      };
    };
  };
}