feat: adds borgbackup job for vaultwarden

modules/services/vaultwarden.nix

@@ -1,6 +1,16 @@
-{ config, ... }:
 {
-  services.vaultwarden = {
+  config,
+  host,
+  pkgs,
+  username,
+  ...
+}:
+let
+  baseRepo = "ssh://liv@dandelion:9123/spinners/rootvol/backups/${host}";
+in
+{
+  services = {
+    vaultwarden = {
       enable = true;
       dbBackend = "sqlite";
       config = {
@@ -15,7 +25,7 @@
         ROCKET_PORT = 8003;
       };
     };
-  services.nginx = {
+    nginx = {
       enable = true;
       recommendedProxySettings = true;
       recommendedTlsSettings = true;
@@ -31,4 +41,30 @@
         };
       };
     };
+    borgbackup.jobs."violet-vaultwarden" = {
+      paths = [ "/var/lib/bitwarden_rs" ];
+      repo = "${baseRepo}/var-vaultwarden";
+      encryption.mode = "none";
+      compression = "auto,zstd";
+      startAt = "daily";
+      preHook = ''
+        systemctl stop vaultwarden
+      '';
+      postHook = ''
+        systemctl start vaultwarden
+        if [ $exitStatus -eq 2 ]; then
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) failed with errors"
+        else
+          ${pkgs.ntfy-sh}/bin/ntfy send https://notify.liv.town/${host} "borgbackup: ${host} backup (vaultwarden) completed succesfully with exit status $exitStatus"
+        fi
+      '';
+      user = "root";
+      extraCreateArgs = [
+        "--stats"
+      ];
+      environment = {
+        BORG_RSH = "ssh -p 9123 -i /home/${username}/.ssh/id_ed25519";
+      };
+    };
+  };
 }