{
  pkgs,
  config,
  ...
}: let
  vars = import ../../vars.nix;
  arionPath = "/home/${vars.user}/.setup/hosts/franz/arion";
  cfg = config.virtualisation.arion;
in {
  # systemd.timers."restic-cron" = {
  #   wantedBy = ["timers.target"];
  #   timerConfig = {
  #     OnBootSec = "1m";
  #     OnUnitActiveSec = "1m";
  #     Unit = "restic-cron.service";
  #   };
  # };
  #
  # systemd.services."restic-cron" = {
  #   path = [
  #     cfg.docker.client.package
  #     cfg.package
  #     pkgs.nix
  #     pkgs.restic
  #     pkgs.autorestic
  #   ];
  #   script = ''
  #     source /etc/profile
  #     autorestic -c /home/ghoscht/.autorestic.yml --verbose cron >> /tmp/autorestic.log 2>&1
  #   '';
  #   serviceConfig = {
  #     Type = "oneshot";
  #     User = "root";
  #   };
  # };

  services.cron = {
    enable = true;
    systemCronJobs = [
      "*/5 * * * *      root    . /etc/profile; autorestic -c /home/ghoscht/.autorestic.yml --ci cron > /var/log/autorestic-bin.log"
    ];
  };

  environment.systemPackages = with pkgs; [autorestic restic];

  sops.secrets."autorestic/zfs_key" = {
    owner = vars.user;
  };
  sops.secrets."autorestic/eustachius_key" = {
    owner = vars.user;
  };
  sops.secrets."autorestic/ntfy_access_token" = {
    owner = vars.user;
  };

  sops.templates.".autorestic.yml" = {
    path = "/home/${vars.user}/.autorestic.yml";
    owner = vars.user;
    mode = "0775";
    content = ''
      version: 2
      global:
        forget:
          keep-last: 5
          keep-weekly: 1
          keep-monthly: 12
          keep-yearly: 7
          keep-within: '14d'

      extras:
        default_hooks: &default_hooks
          success:
            - echo "Backup of $AUTORESTIC_LOCATION successful! Added $AUTORESTIC_FILES_ADDED_0 files and changed $AUTORESTIC_FILES_CHANGED_0 files with a total size of $AUTORESTIC_ADDED_SIZE_0. Processed $AUTORESTIC_PROCESSED_FILES_0 files with total size $AUTORESTIC_PROCESSED_SIZE_0 in $AUTORESTIC_PROCESSED_DURATION_0. Snapshot $AUTORESTIC_SNAPSHOT_ID_0" >> /var/log/autorestic-backup.log
          failure:
            - echo "Backup of $AUTORESTIC_LOCATION failed" >> /var/log/autorestic.log
            - 'curl -H "Authorization: Bearer ${config.sops.placeholder."autorestic/ntfy_access_token"}" -H "X-Tags: warning" -H "X-Title: Backup Failure" -d "Backup of location $AUTORESTIC_LOCATION failed" https://push.ghoscht.com/autorestic'

      locations:
        dashboard:
          from: /home/ghoscht/.docker/dashboard
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '0 4 * * 0' # Every Sunday at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/dashboard/arion-compose.nix -p ${arionPath}/dashboard/arion-pkgs.nix start
        dns:
          from: /home/ghoscht/.docker/dns
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '0 4 * * 0' # Every Sunday at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/dns/arion-compose.nix -p ${arionPath}/dns/arion-pkgs.nix start
        feed:
          from: /home/ghoscht/.docker/feed
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '0 4 * * 0' # Every Sunday at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/feed/arion-compose.nix -p ${arionPath}/feed/arion-pkgs.nix start
        git:
          from: /home/ghoscht/.docker/git
          to:
            - zfs
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/git/arion-compose.nix -p ${arionPath}/git/arion-pkgs.nix start
        media:
          from: /home/ghoscht/.docker/media
          to:
            - zfs
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
        nextcloud:
          from:
            - /storage/dataset/docker/nextcloud/nextcloud_data/data
            - /home/ghoscht/.docker/nextcloud/
          to:
            - zfs
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/nextcloud/arion-compose.nix -p ${arionPath}/nextcloud/arion-pkgs.nix start
        smarthome:
          from: /home/ghoscht/.docker/smarthome
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '0 4 * * 0' # Every Sunday at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/smarthome/arion-compose.nix -p ${arionPath}/smarthome/arion-pkgs.nix start
        passwords:
          from: /home/ghoscht/.docker/passwords
          to:
            - zfs
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/passwords/arion-compose.nix -p ${arionPath}/passwords/arion-pkgs.nix start
        push:
          from: /storage/dataset/docker/push/
          to:
            - zfs
            - eustachius
          cron: '0 4 * * *' # Every Day at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/push/arion-compose.nix -p ${arionPath}/push/arion-pkgs.nix start
        # matrix:
        #   from: /home/ghoscht/.docker/matrix
        #   to:
        #     - zfs
        #     - eustachius
        #   forget: prune
        #   cron: '0 4 * * 0' # Every Sunday at 4:00
        #   hooks:
        #     <<: *default_hooks
        #     before:
        #       -  arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix stop
        #     after:
        #       -  arion -f ${arionPath}/matrix/arion-compose.nix -p ${arionPath}/matrix/arion-pkgs.nix start
        music:
          from: /storage/dataset/data/media/music
          to:
            - eustachius
          cron: '0 4 * * 0' # Every Sunday at 4:00
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/media/arion-compose.nix -p ${arionPath}/media/arion-pkgs.nix start
        headscale:
          from: /home/ghoscht/.docker/headscale
          to:
            - zfs
          forget: prune
          cron: '55 3 * * *' # Every Day at 3:55
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/headscale/arion-compose.nix -p ${arionPath}/headscale/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/headscale/arion-compose.nix -p ${arionPath}/headscale/arion-pkgs.nix start
        auth:
          from: /home/ghoscht/.docker/auth
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '55 3 * * *' # Every Day at 3:55
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/auth/arion-compose.nix -p ${arionPath}/auth/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/auth/arion-compose.nix -p ${arionPath}/auth/arion-pkgs.nix start
        infrastructure:
          from: /home/ghoscht/.docker/infrastructure
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '55 3 * * *' # Every Day at 3:55
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/infrastructure/arion-compose.nix -p ${arionPath}/infrastructure/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/infrastructure/arion-compose.nix -p ${arionPath}/infrastructure/arion-pkgs.nix start
        wiki:
          from: /home/ghoscht/.docker/wiki
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '55 3 * * *' # Every Day at 3:55
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/wiki/arion-compose.nix -p ${arionPath}/wiki/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/wiki/arion-compose.nix -p ${arionPath}/wiki/arion-pkgs.nix start
        stats:
          from: /home/ghoscht/.docker/stats
          to:
            - zfs
            - eustachius
          forget: prune
          cron: '55 3 * * *' # Every Day at 3:55
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/stats/arion-compose.nix -p ${arionPath}/stats/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/stats/arion-compose.nix -p ${arionPath}/stats/arion-pkgs.nix start
        minio:
          from: /storage/dataset/docker/minio
          to:
            - zfs
            - eustachius
          cron: '55 3 * * *' # Every Day at 3:55
          options:
            backup:
              exclude:
                - '*.pmtiles'
          hooks:
            <<: *default_hooks
            before:
              -  arion -f ${arionPath}/minio/arion-compose.nix -p ${arionPath}/minio/arion-pkgs.nix stop
            after:
              -  arion -f ${arionPath}/minio/arion-compose.nix -p ${arionPath}/minio/arion-pkgs.nix start
        nas:
          from: /storage/dataset/nas
          to:
            - zfs
            - eustachius
          cron: '55 3 * * *' # Every Day at 3:55
          hooks:
            <<: *default_hooks
      backends:
        zfs:
          type: local
          path: /storage/dataset/backups
          key: '${config.sops.placeholder."autorestic/zfs_key"}'
        eustachius:
          type: rest
          path: http://100.64.0.3:8000/franz
          key: '${config.sops.placeholder."autorestic/eustachius_key"}'
    '';
  };
}