{
  config,
  pkgs,
  ...
}: let
  genericBackupPath = "/var/lib/backups/";
  nixosContainersBackupPath = "/var/lib/nixos-containers/";
in rec {
  environment.systemPackages = with pkgs; [restic];

  sops.secrets."restic-backups-b2-repo-password" = {
    sopsFile = ./restic.sops.yaml;
  };
  sops.secrets."restic-backups-b2-environment" = {
    sopsFile = ./restic-environment.sops;
    format = "binary";
    path = "/etc/nixos/secrets/b2-env";
  };
  services = {
    restic.backups.b2 = {
      passwordFile = "/run/secrets/restic-backups-b2-repo-password";
      paths = [
        "/var/lib/foundryvtt"
        "/var/lib/gitea"
        "/var/lib/mastodon"
        "${nixosContainersBackupPath}"
      ];
      repository = "b2:cyplo-restic-vpsfree";
      backupPrepareCommand = ''
        systemctl stop container@mastodon.service
      '';
      backupCleanupCommand = ''
        systemctl start container@mastodon.service
      '';
      timerConfig = {OnCalendar = "daily";};
      environmentFile = "${config.sops.secrets.restic-backups-b2-environment.path}";
      exclude = ["cache"];
      pruneOpts = [
        "--keep-hourly 25"
        "--keep-daily 8"
        "--keep-weekly 5"
        "--keep-monthly 13"
        "--keep-yearly 2"
      ];
      checkOpts = [
        "--with-cache"
      ];
    };
  };

  systemd.services.restic-backups-b2 = {
    environment = {
      GOMAXPROCS = "1";
      GOGC = "20";
    };
    serviceConfig = {
      Nice = 19;
      IOSchedulingClass = "idle";
    };
  };
}