Get another restic backup channel going for some of our bigger segments of data

hosts/nixos/HandlerOne/backup.nix

@@ -9,8 +9,6 @@ let
     paths = [
       # Pocket-ID
       "/var/lib/pocket-id"
-      # homebox.nix
-      "/var/lib/homebox/data"
       "/var/lib/forgejo"
       "/var/lib/mealie"
 
@@ -26,11 +24,6 @@ let
       "/var/lib/tuwunel"
       "/var/lib/paperless/export"
 
-      # flamesites
-      "${volumePath}/flamesites/swgalaxyproject"
-      "${volumePath}/flamesites/nnsbluegrass"
-      "/home/crow/swgalaxysite/public_html"
-      "/home/crow/flamebandsite/public_html"
     ];
   };
 in
@@ -41,13 +34,32 @@ in
 }:
 {
   # Restic secrets
-  sops.secrets."restic/borg-base/url" = { };
-  sops.secrets."restic/borg-base/key" = { };
+  sops.secrets = {
+    "restic/borg-base/url" = { };
+    "restic/borg-base/key" = { };
+    "restic/hetzner-handlerone/url" = { };
+    "restic/hetzner-handlerone/key" = { };
+  };
 
   services.restic.backups = {
     borg-base = restic-default // {
       repositoryFile = config.sops.secrets."restic/borg-base/url".path;
       passwordFile = config.sops.secrets."restic/borg-base/key".path;
     };
+    hetzner-handlerone = {
+      initialize = true;
+      extraOptions = [
+        "sftp.args='-i /etc/ssh/ssh_host_ed25519_key -p 23'"
+      ];
+      repositoryFile = config.sops.secrets."restic/hetzner-handlerone/url".path;
+      passwordFile = config.sops.secrets."restic/hetzner-handlerone/key".path;
+      paths = [
+        "${volumePath}/flamesites/swgalaxyproject"
+        "${volumePath}/flamesites/nnsbluegrass"
+        "/home/crow/swgalaxysite/public_html"
+        "/home/crow/flamebandsite/public_html"
+      ];
+    }
+    // restic-default;
   };
 }