A NixOS restic configuration for automatic backups across multiple devices without extra configuration

backups.nix

{ inputs, config, ... }:
{
  sops.secrets = let sopsFile = "${inputs.self}/secrets/shared.yaml"; in {
    "backup/ssh-key" = {
      sopsFile = sopsFile;
    };
    "backup/password" = {
      sopsFile = sopsFile;
    };
  };

  programs.ssh = {
    extraConfig = ''
      Host shared-storage.example.com
        HostName shared-storage.example.com
        IdentityFile ${config.sops.secrets."backup/ssh-key".path}
    '';
    knownHosts = {
      "[sftp.shared-storage.example.com]:2828".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7kuvjambYERPlPWa8ntvdyhvJbgO+rE7U3Lj1+CKh8";
    };
  };
  services.restic.backups."${config.networking.hostName}" = {
    user = "root";
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
    };
    repository = "sftp://janik@[shared-storage.example.com]:2828//backup";
    passwordFile = config.sops.secrets."backup/password".path;
    #pruneOpts = [ ];
    paths = [
      "/home"
      "/root"
      "/var/backup"
      "/var/lib"
    ];
    exclude = [
      "/home/*/.cache"
      "*Cache/Cache_Data*"
      "*/share/containers/storage/*"
    ];
  };
}