nixfiles/hosts/palladium/backup-scripts.nix

{ pkgs, ... }:

let
  cb-mount = pkgs.writeScriptBin "cb-mount" ''
  #!${pkgs.bash}/bin/bash

  DEVICE=/dev/disk/by-path/pci-0000:00:12.0-ata-2-part1

  ${pkgs.cryptsetup}/bin/cryptsetup luksOpen ''${DEVICE} external-drive
  mkdir -p /mnt/external-drive
  mount /dev/mapper/external-drive /mnt/external-drive

  mkdir -p /mnt/external-drive/clerie-backup
  chown borg:borg -R /mnt/external-drive/clerie-backup
  '';

  cb-unmount = pkgs.writeScriptBin "cb-unmount" ''
  #!${pkgs.bash}/bin/bash

  umount /mnt/external-drive
  ${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
  '';

  cb-prepare = pkgs.writeScriptBin "cb-prepare" ''
  echo "Formatting disk"
  sgdisk -Z /dev/disk/by-path/pci-0000:00:12.0-ata-2
  sgdisk -N 1 /dev/disk/by-path/pci-0000:00:12.0-ata-2
  partprobe /dev/disk/by-path/pci-0000:00:12.0-ata-2

  echo "Creating encrypted partition"
  ${pkgs.cryptsetup}/bin/cryptsetup luksFormat -c aes-xts-plain64 --hash=sha256 -s 256 /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1

  echo "Opening encrypted partition"
  ${pkgs.cryptsetup}/bin/cryptsetup luksOpen /dev/disk/by-path/pci-0000:00:12.0-ata-2-part1 external-drive

  echo "Creating file system"
  mkfs.ext4 /dev/mapper/external-drive

  echo "Closing encrypted partition"
  ${pkgs.cryptsetup}/bin/cryptsetup luksClose external-drive
  '';
in {
  environment.systemPackages = [ cb-mount cb-unmount cb-prepare ];
}