Add backup for diphda

flake.nix

@@ -160,6 +160,8 @@
                           repo = "t643s856@t643s856.repo.borgbase.com:repo";
                           excludes = [
                             "/home/eesim/.cache/"
+                            "/home/eesim/configs/mc-distant-horizons"
+                            "/home/eesim/configs/mc-arcadia"
                           ];
                           key = "/home/eesim/.ssh/id_ed25519";
                           passphrase = "/run/secrets/borgbase/nix-alpheratz";
@@ -189,6 +191,19 @@
                     options = {
                         openssh.enable = true;
 
+                        backup = {
+                          enable = true;
+                          user = "eesim";
+                          paths = [ "/home/eesim" ];
+                          repo = "ssh://p9h977h3@p9h977h3.repo.borgbase.com/./repo";
+                          excludes = [
+                            "/home/eesim/.cache"
+                          ];
+                          passphrase = "/run/secrets/backup/repo_password";
+                          key = "/home/eesim/.ssh/id_ed25519_borgbase";
+                          repeat = "daily";
+                        };
+
                         networking = {
                             firewall = {
                                 allowedTCPPorts = [ 80 443 3000 3843 4533 6600 6722 7474 7878 8000 8080 8081 8083 8089 8096 8120 8181 8443 8787 8889 8902 8989 8998 9000 9091 9696 11112 13378 24454 25565 25600 ];

hosts/diphda/system.nix

@@ -20,8 +20,13 @@
         defaultSopsFile = ../../secrets/diphda/secrets.yaml;
         age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 
+        secrets."backup/repo_password" = {
+          owner = "eesim";
+        };
+
         secrets."mc-arcadia/repo_password" = {};
         secrets."mc-dh/repo_password" = {};
+
         secrets."tandoor/secret_key" = {
             owner = "tandoor";
         };