let Schema = import "schemas/providers/backup.ncl" in { provider | Schema.BackupProvider | Schema.EncryptionRequired = { name = "kopia", binary = "kopia", features = { tags = true, ui = true, verify = true, mount = true, encryption = true, compression = true, dedup = 'global, streaming = true, }, mount_capable = true, streaming_capable = true, env = { required = ["KOPIA_PASSWORD"], optional = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY"], }, # kopia requires an explicit repository connect before any snapshot operation. # The runtime stores per-workspace state in config_file (ops/.kopia-config). connection = { required = true, status_subcmd = "repository status", connect_subcmd = "repository connect s3", state_file = ".kopia-config", s3_flags = { bucket = "--bucket", endpoint = "--endpoint", prefix = "--prefix", }, }, commands = { backup = { subcmd = "snapshot create", tag_flag = "--tags", # No repo_flag — kopia uses the connected config_file. snapshot_id_regex = "and ID (?P[a-f0-9]+) in", }, restore = { subcmd = "restore", # kopia: restore (positional, no flag). target_flag = "", }, list = { subcmd = "snapshot list", tag_flag = "--tags", }, # kopia retention: policy set → snapshot expire (two-step model). forget = { subcmd = "snapshot expire", extra_flags = ["--delete", "--all-sources"], policy_subcmd = "policy set", policy_keep_flags = { keep_latest = "--keep-latest", keep_monthly = "--keep-monthly", keep_annual = "--keep-annual", }, }, verify = { subcmd = "repository verify", }, }, }, }