From 6b46bc4bc2ad5507bf8049ae446a0dce2555c5a4 Mon Sep 17 00:00:00 2001
From: Henri Dohmen <henridohmen@posteo.com>
Date: Sat, 4 Apr 2026 13:40:16 +0200
Subject: [PATCH] git repo backup

---
 host/roam/backup.nix | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/host/roam/backup.nix b/host/roam/backup.nix
index d64cc5c..00bdb2f 100644
--- a/host/roam/backup.nix
+++ b/host/roam/backup.nix
@@ -23,13 +23,45 @@
     services."backup-rclone" =
       let
         conf = config.age.secrets.roam-rclone-conf.path;
+        forgejo-repos = config.services.forgejo.repositoryRoot;
       in
       {
+        # Backs up git repos (bare /git/* and forgejo) to an rclone crypt remote
+        # as bundles to avoid crypt path-length limits. Documents are synced to
+        # OneDrive directly (not odc) since syncthing already encrypts them via
+        # receiveEncrypted.
         script = ''
           ${pkgs.rclone}/bin/rclone --config ${conf} copy /data/sync/documents-hd onedrive:sync
-          ${pkgs.rclone}/bin/rclone --config ${conf} copy /git odc:git
+
+          tmpdir=$(mktemp -d)
+          trap "rm -rf $tmpdir" EXIT
+
+          for repo in /git/*/; do
+            [ -f "$repo/HEAD" ] || continue
+            ${pkgs.git}/bin/git -c safe.directory="$repo" -C "$repo" show-ref --quiet || continue
+            name=$(basename "$repo")
+            ${pkgs.git}/bin/git -c safe.directory="$repo" -C "$repo" bundle create "$tmpdir/$name.bundle" --all
+          done
+          ${pkgs.rclone}/bin/rclone --config ${conf} sync "$tmpdir" odc:git
+
+          tmpdir_forgejo=$(mktemp -d)
+          trap "rm -rf $tmpdir_forgejo" EXIT
+
+          for owner in ${forgejo-repos}/*/; do
+            for repo in "$owner"*/; do
+              [ -f "$repo/HEAD" ] || continue
+              ${pkgs.git}/bin/git -c safe.directory="$repo" -C "$repo" show-ref --quiet || continue
+              owner_name=$(basename "$owner")
+              repo_name=$(basename "$repo")
+              ${pkgs.git}/bin/git -c safe.directory="$repo" -C "$repo" bundle create "$tmpdir_forgejo/''${owner_name}__''${repo_name}.bundle" --all
+            done
+          done
+          ${pkgs.rclone}/bin/rclone --config ${conf} sync "$tmpdir_forgejo" odc:forgejo-git
         '';
-        path = [ pkgs.rclone ];
+        path = [
+          pkgs.rclone
+          pkgs.git
+        ];
         serviceConfig = {
           Type = "oneshot";
           User = "root";