{
  config,
  lib,
  pkgs,
  ...
}:
with lib; let
  cfg = config.local.sys.borgsync;
in {
  options.local.sys.borgsync = {
    enable = mkEnableOption "borg backup to an rsync.net repo";
    paths = mkOption {
      type = with types; nullOr (coercedTo str singleton (listOf str));
      default = null;
      description = "Paths to back up.";
    };
    exclude = mkOption {
      type = with types; listOf str;
      description = "Exclude paths.";
      default = [];
    };
    repoName = mkOption {
      type = types.str;
      description = "Remote rsync repository to back up to.";
    };
  };
  
  config = mkIf cfg.enable {
    services.borgbackup.jobs.rsync = {
      paths = cfg.paths;
      exclude = cfg.exclude;
      user = "root";
      group = "root";
      doInit = true;
      startAt = [
        "hourly"
      ];
      inhibitsSleep = true;
      persistentTimer = true;

      repo = "zh5777@zh5777.rsync.net:${cfg.repoName}";
      encryption = {
        mode = "repokey-blake2";
        passCommand = "cat /var/trust/borg/${cfg.repoName}_passphrase";
      };
      compression = "auto,lz4";
      prune = {
        keep = {
          hourly = 24;
          daily = 7;
          weekly = 4;
          monthly = 12;
          yearly = 99;
        };
      };
      extraArgs = [
        "--remote-path=borg14"
      ];
    };
    
    environment.sessionVariables.BORG_REMOTE_PATH = "borg14";
  };
}