feat: add paperless and radicale backups to hetzner

hosts/ward/guests/radicale.nix

@@ -82,4 +82,10 @@ in {
   };
 
   systemd.services.radicale.serviceConfig.RestartSec = "600"; # Retry every 10 minutes
+
+  backups.storageBoxes.dusk = {
+    subuser = "radicale";
+    user = "radicale";
+    paths = ["/var/lib/radicale"];
+  };
 }

hosts/ward/guests/vaultwarden.nix

@@ -74,7 +74,6 @@ in {
       smtpSecurity = "force_tls";
       smtpPort = 465;
     };
-    #backupDir = "/data/backup";
     environmentFile = config.age.secrets.vaultwarden-env.path;
   };
 
@@ -85,36 +84,9 @@ in {
     RestartSec = "600"; # Retry every 10 minutes
   };
 
-  # Backups
-  # ========================================================================
-
-  age.secrets.restic-encryption-password.generator.script = "alnum";
-  age.secrets.restic-ssh-privkey.generator.script = "ssh-ed25519";
-
-  services.restic.backups.main = {
-    hetznerStorageBox = let
-      box = config.repo.secrets.global.hetzner.storageboxes.dusk;
-    in {
-      enable = true;
-      inherit (box) mainUser;
-      inherit (box.users.vaultwarden) subUid path;
-      sshAgeSecret = "restic-ssh-privkey";
-    };
-
+  backups.storageBoxes.dusk = {
+    subuser = "vaultwarden";
     user = "vaultwarden";
-    timerConfig = {
-      OnCalendar = "06:15";
-      RandomizedDelaySec = "3h";
-      Persistent = true;
-    };
-    initialize = true;
-    passwordFile = config.age.secrets.restic-encryption-password.path;
     paths = [config.services.vaultwarden.backupDir];
-    pruneOpts = [
-      "--keep-daily 14"
-      "--keep-weekly 7"
-      "--keep-monthly 12"
-      "--keep-yearly 75"
-    ];
   };
 }