{
  pkgs,
  config,
  lib,
  osConfig,
  ...
}:
let
  cfg = config.xyno.borgmatic;
in
{
  options.xyno.borgmatic.enable = lib.mkOption { default = false; };
  config = lib.mkIf cfg.enable {
    programs.borgmatic = {
      enable = true;
      backups.system =
        let
          notify = "${pkgs.libnotify}/bin/notify-send";
        in
        {
          location.sourceDirectories = [ "/home" "/var" ];
          location.repositories = [ { path = "ssh://ragon@ds9//backups/${osConfig.networking.hostName}"; } ];
          location.extraConfig.exclude_if_present = [ ".nobackup" ];
          storage.encryptionPasscommand = "${pkgs.libsecret}/bin/secret-tool lookup borg-repository system";
          location.extraConfig.before_backup = [
            "${notify} -u low -a borgmatic borgmatic \"starting backup\" -t 10000"
          ];
          location.extraConfig.after_backup = [
            "${notify} -u low -a borgmatic borgmatic \"finished backup\" -t 10000"
          ];
          location.extraConfig.on_error = [
            "${notify} -u critical -a borgmatic borgmatic \"backup failed<br>maybe unlock keepass\""
          ];
          location.extraConfig.ssh_command = "ssh -o  IdentityAgent=/run/user/1000/ssh-agent";
          location.extraConfig.one_file_system = true;
          retention = {
            keepHourly = 24;
            keepDaily = 7;
            keepWeekly = 4;
            keepMonthly = 12;
            keepYearly = 2;
          };
        };
    };
    services.borgmatic.enable = true;
    services.borgmatic.frequency = "*-*-* 0,4,8,12,16,20:00:00";

  };
}