{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
with lib; let
  cat = "${pkgs.coreutils}/bin/cat";

  cfg = config.custom.services.borgmatic;
in {
  # https://wiki.nixos.org/wiki/Borg_backup
  # https://github.com/borgmatic-collective/borgmatic
  #!! Imperative initialization
  #?? sudo borgmatic init -e repokey-blake2
  #?? sudo borgmatic key export
  #?? sudo borgmatic -v 1 create --progress --stats
  options.custom.services.borgmatic = {
    enable = mkOption {default = false;};
    repositories = mkOption {default = [];};
    sources = mkOption {default = [];};
  };

  config = mkIf cfg.enable {
    services.borgmatic = {
      enable = true;

      # https://torsion.org/borgmatic/docs/reference/configuration/
      settings = {
        archive_name_format = "{now:%Y-%m-%d %H:%M:%S}"; # Remove hostname
        keep_daily = 7;
        keep_weekly = 4;
        keep_monthly = 1;
        keep_yearly = 1;
        retries = 10;
        retry_wait = 60; # Additive seconds per retry
        compression = "auto,zstd"; # Use heuristics to decide whether to compress with zstd
        ssh_command = "ssh -i /etc/ssh/id_ed25519"; # !! Imperative key generation
        encryption_passcommand = "${cat} ${config.age.secrets."${config.custom.profile}/borgmatic/borgbase".path}";
        repositories = cfg.repositories;
        source_directories = cfg.sources;

        # TODO: Add more databases
        #?? sudo borgmatic restore --archive latest
        # postgresql_databases = [
        #   {
        #     name = "nextcloud";
        #     username = "nextcloud";
        #     pg_dump_command = "docker exec -i nextcloud-db pg_dump";
        #     pg_restore_command = "docker exec -i nextcloud-db pg_restore";
        #     psql_command = "docker exec -i nextcloud-db psql";
        #   }

        #   {
        #     name = "piped";
        #     username = "piped";
        #     pg_dump_command = "docker exec -i postgres pg_dump";
        #     pg_restore_command = "docker exec -i postgres pg_restore";
        #     psql_command = "docker exec -i postgres psql";
        #   }
        # ];
      };
    };

    age.secrets = let
      secret = filename: {file = "${inputs.self}/secrets/${filename}";};
    in {
      "${config.custom.profile}/borgmatic/borgbase" = secret "${config.custom.profile}/borgmatic/borgbase";
    };
  };
}