From 82fec595e5160114cdf5d6fcb5f23a0f7041737a Mon Sep 17 00:00:00 2001
From: blake
Date: Tue, 7 Oct 2025 16:31:05 -0500
Subject: [PATCH] 29 current 2025-10-07 15:47:05 25.05.20251001.5b5be50 6.12.49 *
---
 modules/system/backups.nix | 15 +++++++++++++--
 modules/system/sops.nix | 11 -----------
 2 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/modules/system/backups.nix b/modules/system/backups.nix
index 092cb55..23e04b4 100644
--- a/modules/system/backups.nix
+++ b/modules/system/backups.nix
@@ -38,10 +38,12 @@ in
 serviceConfig = {
 Type = "oneshot";
 EnvironmentFile = config.modules.system.backups.passphraseFile;
+ # the actual script borg is using
 ExecStart = pkgs.writeShellScript "borg-backup" ''
 set -euo pipefail
 export BORG_PASSPHRASE="$(cat ${passwd_file})"
 export BORG_REPO="${cfg.repo}"
+ timestamp="$(date +'%Y-%m-%dT%H:%M:%S')"
 # Initialize repo if it doesn't exist
 if ! borg info "$BORG_REPO" >/dev/null 2>&1; then
@@ -58,7 +60,7 @@ in
 --stats \
 --show-rc \
 --compression lz4 \
- "$BORG_REPO::${toString config.networking.hostName}-$(date +'%Y-%m-%dT%H:%M:%S')" \
+ "$BORG_REPO::${toString config.networking.hostName}-${timestamp}" \
 ${lib.concatStringsSep " " cfg.paths}
 # Prune old backups according to retention policy
@@ -68,11 +70,12 @@ in
 --keep-weekly=52 \
 --keep-monthly=-1
- echo "Backup completed successfully."
+ echo "${timestamp} - backup completed successfully."
 '';
 };
 };
+ # create timer to run backups daily
 systemd.timers.backups = {
 description = "daily borg backup timer";
 wantedBy = [ "timers.target" ];
@@ -82,7 +85,15 @@ in
 };
 };
+ # install borg binary
 environment.systemPackages = [ pkgs.borgbackup ];
+
+ # declare secret for repo password
+ sops.secrets = {
+ "borg_passwd" = {
+ owner = "root";
+ group = "root";
+ };
 };
 }
diff --git a/modules/system/sops.nix b/modules/system/sops.nix
index 2ec9a78..a63f45e 100644
--- a/modules/system/sops.nix
+++ b/modules/system/sops.nix
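Review bot: In modules/system/backups.nix the new `${timestamp}` in the archive name (hunk -58,7 +60,7) and in the final `echo` (hunk -68,11 +70,12) sits inside the Nix `''…''` string given to `pkgs.writeShellScript`, so Nix reads it as antiquotation instead of leaving it for the shell. Unless a Nix binding named `timestamp` exists outside the visible hunks, evaluation fails on an undefined variable and the backup unit is never built; the shell assignment added in the first hunk is not visible to Nix. Use the shell form, `"$BORG_REPO::${toString config.networking.hostName}-$timestamp" \` and `echo "$timestamp - backup completed successfully."`, or escape it as `''${timestamp}`. The script body starts and ends outside these hunks.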
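Review bot: The `sops.secrets` block added at the end of modules/system/backups.nix (hunk -82,7 +85,15) opens two attribute sets, `sops.secrets = {` and `"borg_passwd" = {`, but adds only one closing `};`. The following context `};` therefore closes `sops.secrets`, and the enclosing set appears to be left unclosed. Indentation is lost in this view and the top of the file is outside the hunk, so confirm by parsing the file, but a second `};` after the `"borg_passwd"` entry looks required. Nothing visible ties this secret to `passphraseFile` or `passwd_file`; if it is consumed through `config.sops.secrets."borg_passwd".path`, a comment saying so next to the declaration would help.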
@@ -40,17 +40,6 @@ in
 group = "root";
 neededForUsers = true;
 };
-
-# "ssl_blakedheld_crt" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
-# owner = "nginx";
-# group = "nginx";
-# };
-#
-# "ssl_blakedheld_key" = lib.mkIf config.modules.homelab.nginx-proxy.enable {
-# owner = "nginx";
-# group = "nginx";
-# };
-
 };
 };
 };