{ pkgs, lib, config, machineName, machines, ... }:
let
  inherit (config) networking;
  inherit (config.security) gnupg;
  user = "backup";
in
{
networking.nftables.ruleset = ''
  add rule inet filter fw2net tcp dport 22 ip daddr ${machines.mermet.extraArgs.ipv4} counter accept comment "SSH to mermet"
'';
services.syncoid = {
  enable = true;
  interval = "*-*-* *:05:00";
  sshKey = gnupg.secrets."ssh/${user}.ssh-ed25519".path;
  commonArgs = [
    "--no-sync-snap"
    "--create-bookmark"
    #"--no-privilege-elevation"
    #"--no-stream"
  ];
  service = {
    after = [ gnupg.secrets."ssh/${user}.ssh-ed25519".service ];
    wants = [ gnupg.secrets."ssh/${user}.ssh-ed25519".service ];
  };
  commands = {
    "${machineName}/home/julm/work" = {
      sendOptions = "raw";
      target = "${user}@mermet.${networking.domain}:rpool/backup/${machineName}/home/julm/work";
    };
    "${user}@mermet.${networking.domain}:rpool/var/mail" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/var/mail";
    };
    "${user}@mermet.${networking.domain}:rpool/var/public-inbox" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/var/public-inbox";
    };
    "${user}@mermet.${networking.domain}:rpool/var/www" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/var/www";
    };
    "${user}@mermet.${networking.domain}:rpool/var/git" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/var/git";
    };
    "${user}@mermet.${networking.domain}:rpool/var/redis" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/var/redis";
    };
    "${user}@mermet.${networking.domain}:rpool/home/julm/mail" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/home/julm/mail";
    };
    "${user}@mermet.${networking.domain}:rpool/home/julm/log" = {
      sendOptions = "raw";
      target = "${machineName}/backup/mermet/home/julm/log";
    };
  };
};
}