add sops, add secrets, add cinny, add restic, add invidious container

modules/nixos/services/invidious/default.nix

@@ -1,30 +0,0 @@
-{
-  lib,
-  config,
-  pkgs,
-  namespace,
-  ...
-}:
-with lib;
-with lib.${namespace};
-let
-  cfg = config.${namespace}.services.invidious;
-in
-{
-  options.${namespace}.services.invidious = {
-    enable = mkEnableOption "Invidious";
-    domain = mkOption {
-      type = types.string;
-      default = "localhost";
-      description = "Domain to use for absolute URLs";
-    };
-  };
-
-  config = mkIf cfg.enable {
-    services.invidious = {
-      enable = true;
-      domain = cfg.domain;
-      extraSettingsFile = "/var/lib/invidious/settings.yml";
-    };
-  };
-}

modules/nixos/services/restic/default.nix

@@ -0,0 +1,48 @@
+{
+  lib,
+  config,
+  pkgs,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.services.restic;
+in
+{
+  options.${namespace}.services.restic = {
+    enable = mkBoolOpt false "Restic";
+  };
+
+  config = mkIf cfg.enable {
+    sops.secrets.restic_url = {
+      format = "yaml";
+      sopsFile = ../../../../secrets/blarm-restic.yaml;
+      key = "restic/url";
+    };
+    sops.secrets.restic_password = {
+      format = "yaml";
+      sopsFile = ../../../../secrets/blarm-restic.yaml;
+      key = "restic/password";
+    };
+    services.restic.backups = {
+      borgbase = {
+        initialize = true;
+        exclude = [ "/home/*/.cache" ];
+        passwordFile = "/run/secrets/restic_password";
+        repository = "$(cat /run/secrets/restic_url)";
+        paths = [
+          "/home"
+          "/var/lib/"
+        ];
+        timerConfig = {
+          OnCalendar = "00:10";
+          RandomizedDelaySec = "1h";
+        };
+      };
+    };
+
+    environment.systemPackages = with pkgs; [ restic ];
+  };
+}