{ config, pkgs, lib, ... }:
{
  services.restic.backups = let
    localJob = name: paths: {
      inherit paths;
      repository = "/mnt/feal-syn1/backup/leonard/${name}"; # TODO - Mount first
      passwordFile = config.sops.secrets."restic/${name}".path;
      initialize = true;
      pruneOpts = [
        "--keep-daily 3"
        "--keep-weekly 4"
        "--keep-monthly 3"
      ];
    };
    cloudJob = name: paths: {
      inherit paths;
      # "rsyncnet" connection details specified in /root/.ssh/config
      extraOptions = [ "rclone.program=\"ssh rsyncnet\"" ];
      # repository = "rclone::/${name}";
      repository = "rclone:";
      passwordFile = config.sops.secrets."restic/${name}".path;
      initialize = true;
      pruneOpts = [
        # rsync.net keeps daily snapshots
        "--keep-weekly 4"
        "--keep-monthly 36"
      ];
    };
  in {
    # TODO - local NAS backups
    mysql-remote = (cloudJob "postgres" [ "/var/backup/mysql" ]) // {
      timerConfig.OnCalendar = "01:30"; # 1h after mysqlBackup
    };
    # WIP
    # postgres-remote = (cloudJob "postgres" [ "/tank/backup/postgresql" ]) // {
    #   timerConfig.OnCalendar = "05:15"; # 2h after postgresqlBackup
    # };

  };

  sops.secrets."restic/mysql" = { };
  sops.secrets."restic/postgres" = { };
}