radish: add borgbackup

hosts/radish/packages.nix

@@ -1,4 +1,7 @@
-{ pkgs, lib, inputs, ... }:
+{ pkgs, lib, inputs, config, ... }:
+let
+  secrets = config.age.secrets;
+in
 {
   nixpkgs.config.allowUnfree = true;
   nixpkgs.overlays = [ (import ../../custom-pkgs { inherit lib inputs; }) ];
@@ -41,8 +44,62 @@
         HSA_OVERRIDE_GFX_VERSION = "11.0.3";
       };
     };
+
+    borgbackup.jobs.root = {
+      paths = "/";
+      exclude = [
+        "/nix"
+        "/var/cache"
+        "/run"
+        "/sys"
+        "/etc"
+        "/swap"
+        "/proc"
+        "**/node_modules"
+        "**/.cargo"
+        "**/ruby/*/gems"
+        "**/.cache"
+        "**/.meteor"
+        "**/.next"
+        "**/.local/share/containers/cache"
+        "**/.local/share/containers/storage/overlay"
+        "**/.local/share/docker/overlay2"
+        "**/log/*.log"
+        "**/.local/share/Trash"
+      ];
+      environment = {
+        BORG_RSH = "ssh -i /root/.ssh/id_ed25519.borg";
+      };
+      repo = "ssh://u324815-sub2@u324815.your-storagebox.de:23/./backup";
+      encryption = {
+        mode = "repokey";
+        passphrase = "will be overridden from environment file";
+      };
+      extraCreateArgs = [ "--stats" "--progress" ];
+      compression = "auto,zstd";
+      startAt = "daily";
+      persistentTimer = true;
+      preHook = with pkgs; ''
+        ${coreutils}/bin/timeout 60 ${bash}/bin/sh -c '
+          until ${iputils}/bin/ping -c1 your-storagebox.de; do
+            sleep 1
+          done
+        '
+      '';
+      postCreate = with pkgs; ''
+        ${curl}/bin/curl "https://status.freun.dev/api/push/''${UPTIME_KUMA_TOKEN}?status=up&msg=OK&ping="
+      '';
+      prune.keep = {
+        within = "3d";
+        daily = 14;
+        weekly = 8;
+        monthly = -1;
+      };
+    };
   };
 
+  systemd.services.borgbackup-job-root.serviceConfig.EnvironmentFile = secrets.borgbackup-radish.path;
+
   programs = {
     zsh.enable = true;
     _1password-gui = {