restic: Parameterise extra paths and excludes

machines/sayuri/configuration.nix

@@ -12,7 +12,12 @@
     gpu.amd.enable = true;
     gui.enable = true;
     libvirt.enable = true;
-    restic.enable = true;
+    restic = {
+      enable = true;
+      extraPaths = [
+        "/data"
+      ];
+    };
     ssd.enable = true;
     wireguard.home = {
       enable = true;

modules/restic.nix

@@ -27,9 +27,8 @@ let
 
     # Docker (state should be kept somewhere else)
     "/var/lib/docker/"
-  ];
+  ] ++ cfg.extraExcludes;
   excludesFile = pkgs.writeText "exludes.txt" (builtins.concatStringsSep "\n" excludes);
-  maybePath = path: (lib.optional (builtins.pathExists path) (toString path));
 
   # script to use restic as user without dealing with authentication
   authScript = pkgs.writeShellScriptBin "restic-auth" ''
@@ -57,6 +56,15 @@ in
           RandomizedDelaySec = "2h";
         };
       };
+    extraPaths = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+      example = [ "/data" ];
+    };
+    extraExcludes = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -64,13 +72,11 @@ in
       inherit repository;
       passwordFile = toString <secrets/restic-password>;
       s3CredentialsFile = toString <secrets/restic-s3>;
-      paths = lib.mkDefault (
-        [ ]
-        ++ maybePath /data
-        ++ maybePath /home
-        ++ maybePath /srv
-        ++ maybePath /var
-      );
+      paths = [
+        "/home"
+        "/srv"
+        "/var"
+      ] ++ cfg.extraPaths;
       initialize = true;
       extraBackupArgs = [
         "--exclude-caches"