{ instances ? [ ]
}:

{ config, pkgs, ... }:

let
  btrbkPrimary = { subvolumes ? [ ] }: {
    snapshot_dir = "@snapshots";
    subvolume = builtins.foldl'
      (acc: subvol: acc // {
        ${subvol} = { };
      })
      { }
      subvolumes;
  };

  btrbkSecondary = { targetDir, subvolumes ? [ ] }: {
    target = "send-receive ${targetDir}";
    subvolume = builtins.foldl'
      (acc: subvol: acc // {
        ${subvol} = {
          snapshot_dir = "@snapshots";
          snapshot_preserve_min = "all";
          snapshot_create = "no";
        };
      })
      { }
      subvolumes;
  };

  primary = mountDir: subvolumes: {
    snapshot_preserve_min = "2d";
    snapshot_preserve = "35d 20w 12m";
    transaction_log = "/var/log/btrbk.log";
    volume = {
      "${mountDir}" = btrbkPrimary {
        inherit subvolumes;
      };
    };
  };

  secondary = primaryIp: mountDir: subvolumes: {
    backend_remote = "btrfs-progs-sudo";
    ssh_identity = config.sops.secrets.private_key.path;
    ssh_user = "btrbk";
    stream_buffer = "512m";
    stream_compress = "gzip";
    stream_compress_level = "default";
    stream_compress_threads = "default";
    target_preserve = "24h 7d";
    target_preserve_min = "24h";
    transaction_log = "/var/log/btrbk.log";
    volume = {
      "ssh://${primaryIp}${mountDir}" = btrbkSecondary {
        targetDir = "${mountDir}/@snapshots";
        inherit subvolumes;
      };
    };
  };
in
{
  sops.secrets.private_key = {
    format = "yaml";
    sopsFile = ../../secrets/btrbk.yaml;
    owner = config.users.users.btrbk.name;
    group = config.users.users.btrbk.group;
  };

  environment.systemPackages = with pkgs; [
    btrbk
    btrfs-progs
    (writeShellScriptBin "restore-snapshot" (builtins.readFile ./restore-snapshot))
    (writeShellScriptBin "restore-all-snapshots" (builtins.readFile ./restore-all-snapshots))
  ];

  services.btrbk = {
    sshAccess = [
      {
        key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHTqU3EvTgY5/e9m6YyQWypQPK58t9iPmPnPYAvnODGB asonix@lionheart";
        roles = [ "source" "info" "send" ];
      }
    ];
    extraPackages = with pkgs; [ gzip ];
    instances = (builtins.foldl'
      (acc: { primaryIp ? null, mountDir, subvolumes, name ? "btrbk" }:
        let
          selected = if primaryIp == null then (primary mountDir subvolumes) else (secondary primaryIp mountDir subvolumes);
        in
        acc //
        {
          ${name} = {
            onCalendar = "hourly";
            settings = selected;
          };
        })
      { }
      instances);
  };
}