{ config, pkgs, lib, ... }:
let
  cfg = config.my.services.backup.rsync;
  secrets = config.age.secrets;
  ssh-key-path = secrets."rsync.net/ssh-key".path;
in
{
  options.my.services.backup.rsync = with lib; {
    enable = mkEnableOption "rsync backup service";

    sourceDir = mkOption {
      type = types.path;
      example = "/data/slow/backups";
      description = "The directory to synchronize";
    };

    destination = mkOption {
      type = types.str;
      example = "de2664@de2664.rsync.net:backups/";
      description = "The destination";
    };

    timerConfig = mkOption {
      default = { OnCalendar = "daily"; };
      example = {
        OnCalendar = "00:05";
        RandomizedDelaySec = "5h";
      };
      description = ''
        When to run rsync. See man systemd.timer for details.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    systemd = {
      timers.rsync-backups = {
        description = "synchronize restic repository to rsync.net";
        wantedBy = [ "timers.target" ];
        partOf = [ "rsync-backups.service" ];
        timerConfig = cfg.timerConfig;
      };
      services.rsync-backups = {
        description = "synchronize restic repository to rsync.net";
        serviceConfig = {
          Type = "oneshot";
        };
        script = ''
          exec ${pkgs.rsync}/bin/rsync \
            -azq --delete \
            -e '${pkgs.openssh}/bin/ssh -i ${ssh-key-path}' \
            ${cfg.sourceDir} ${cfg.destination}
        '';
      };
    };
  };
}