add btrbk system snapshots

modules/nixos/my_btrbk/default.nix

@@ -0,0 +1,53 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my_btrbk;
+  inherit (lib) mkEnableOption mkIf mkOption;
+  types = lib.types;
+in
+{
+  options.my_btrbk = {
+    enable = mkEnableOption "Btrbk backups";
+    sshKeyFile = mkOption {
+      type = types.nonEmptyStr;
+    };
+    sshUser = mkOption {
+      type = types.nonEmptyStr;
+      default = "btrbk";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.btrbk.instances."remote_falcon" = {
+      onCalendar = "daily";
+      settings = {
+        ssh_identity = cfg.sshKeyFile;
+        ssh_user = cfg.sshUser;
+
+        incremental = "yes";
+        stream_compress = "zstd";
+        stream_compress_level = "3";
+        target_preserve_min = "no";
+        target_preserve = "5d 4w 6m";
+
+        subvolume = {
+          "/" = {
+            snapshot_name = "root";
+          };
+          "/home" = {
+            snapshot_name = "home";
+          };
+          "/nix" = {
+            snapshot_name = "nix";
+          };
+        };
+        snapshot_dir = "/.btrbk_snapshots";
+        target = "send-receive ssh://10.0.0.5/zpool-backup/backups/${config.networking.hostName}";
+      };
+    };
+  };
+}

secrets/btrbk-keyfile.age

@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 Gc/MTQ kKd7HFgJtplJohdcYXwFM+UXZBwBoQ9KJwfQ2jxS2g4
+yrNEIKJYffcf/NG5XnWl1Icic/gUWVsDK1ddqC+QWI0
+-> ssh-ed25519 mOIk4w /3/0Mb4pFu7a/480skeucHFoAddr08h89qqL7Ojt/gA
+SaXfyGJFDBTzU+zkDxVLe4SK6UNd9/6g3qtXYOQ/Wwo
+-> ssh-ed25519 l9wOAw 8wgspVkjHpxD2tzpVD0yZvipthOVWA6mUWVaWY3Ls20
+iSFw5EEGiv4uYw2JSv8T0fWajLBCajWKQYAHzvjOEwk
+--- +3nHDKkQ7xsKKk8wLBe6/Y5aSm8E25+7XlxrfB6V72g
+<03>><3E><><EFBFBD>F<EFBFBD>㿫<EFBFBD>s<EFBFBD>,F<>)<29><><EFBFBD>X<EFBFBD><58><EFBFBD>><3E>~_<><5F>
+;W<>0<EFBFBD>j<13>><3E><><EFBFBD><EFBFBD><EFBFBD>g*<2A><03><>ԃ<>!%<25>%`w<>;<3B><><EFBFBD>R<EFBFBD><52>w<1A><><EFBFBD>J1K͵̨R|sAB`<60>([
+<1E>~d<><64><EFBFBD><EFBFBD>XM<58><4D><EFBFBD>\<5C><>lo<6C><0F>>F<>
ķ<>H<12><><EFBFBD><EFBFBD>

secrets/secrets.nix

@@ -7,4 +7,5 @@ let
 in
 {
   "k3s.age".publicKeys = keys;
+  "btrbk-keyfile.age".publicKeys = keys;
 }

systems/x86_64-linux/penguin/default.nix

@@ -16,11 +16,21 @@ in
     ./hardware-configuration.nix
   ];
   config = {
+    age.secrets.k3s.file = ../../../secrets/k3s.age;
+    age.secrets.btrbk-keyfile = {
+      file = ../../../secrets/btrbk-keyfile.age;
+      owner = "btrbk";
+      group = "btrbk";
+    };
 
     my_users.enable = true;
     my_nix.enable = true;
 
-    age.secrets.k3s.file = ../../../secrets/k3s.age;
+    my_btrbk = {
+      enable = true;
+      sshKeyFile = config.age.secrets.btrbk-keyfile.path;
+    };
+
 
     my_k3s = {
       enable = true;