add borg

modules/homelab/services/default.nix.template

@@ -4,17 +4,18 @@ let
   cfg = config.modules.services.<service_name>;
   ids = <gid_and_uid_number>;
   default_port = <port_number>;
+  data_dir = "/var/lib/<service_name>";
 in
 {
   options.modules.services.<service_name> = {
     enable = lib.mkEnableOption "enables <service_name>";
 
-#    set port options
-#    port = lib.mkOption {
-#      type = lib.types.int;
-#      default = cfg.default_port;
-#      description = "set port for <service_name> (default: ${toString default_port}";
-#    };
+    # set port options
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = cfg.default_port;
+      description = "set port for <service_name> (default: ${toString default_port}";
+    };
 
   };
 
@@ -25,7 +26,7 @@ in
 
     # declare <service_name> user
     users.users.<service_name> = {
-      description = "<service_name> media server user";
+      description = "<service_name> server user";
       uid = ids;
       isSystemUser = true;
       home = "/var/lib/<service_name>";
@@ -37,21 +38,20 @@ in
     # enable the <service_name> service
     services.<service_name> = {
       enable = true;
-      openFirewall = true;        # Opens 8096/8920 automatically
-      user = "<service_name>";          # Default: <service_name>
-      group = "<service_name>";         # Default: <service_name>
-      dataDir = "/var/lib/<service_name>"; # Config + metadata storage
-      dataDir = "/var/lib/<service_name>"; # Config + metadata storage
-#      settings = {
-#        server.port = cfg.port;
-#      };
+      openFirewall = true;
+      user = "<service_name>";
+      group = "<service_name>";
+      dataDir = data_dir;
+      settings = {
+        server.port = cfg.port;
+      };
     };
 
     # override umask to make permissions work out
     systemd.services.<service_name>.serviceConfig = { UMask = lib.mkForce "0007"; };
 
-    # open firewall
-    #networking.firewall.allowedTCPPorts = [ port ];
+#    # open firewall
+#    networking.firewall.allowedTCPPorts = [ port ];
 
     # reverse proxy entryo
     services.nginx.virtualHosts."<service_name>.snowbelle.lan" = {
@@ -63,5 +63,8 @@ in
         proxyPass = "http://127.0.0.1:${toString port}";
       };
     };
+
+    # add to backups
+    modules.system.backups.paths = lib.mkIf cfg.backups [ data_dir ];
   };
 }