maxwell/jobs.nix

{ config, pkgs, lib, ... }:

with lib;

{

  systemd.services."notify-failed@" = {
    description = "notify that %i has failed";
    scriptArgs = "%i";
    path = [ pkgs.maxwell-notify ];
    script = ''
      unit=$1
      notify "$unit: failed. last log lines:"
      journalctl -u "$unit" -o cat -n 15 | notify
    '';
  };

  systemd.services.ydns = {
    description = "update ydns address record";
    after    = [ "network-online.target" ];
    startAt  = "*:0/30";

    serviceConfig.Type = "oneshot";
    serviceConfig.environmentFile = config.secrets.environments.ydns;

    path = with pkgs; [ curl cacert gawk iproute ];
    environment = {
      YDNS_HOST      = config.var.hostname;
      CURL_CA_BUNDLE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
    };

    script = ''
      update() {
        ret=$(curl -$1 --basic --silent \
          -u "$YDNS_USER:$YDNS_PASSWD" \
          "https://ydns.io/api/v1/update/?host=$YDNS_HOST&ip=$2" || exit 0)

        case "$ret" in
          ok)
            echo "updated successfully: $YDNS_HOST ($2)"
            ;;

          badauth)
            echo "updated failed: $YDNS_HOST (authentication failed)"
            ;;

          *)
            echo "update failed: $YDNS_HOST ($ret)"
            ;;
        esac
      }

      update 4 "$(curl -s -4 https://ydns.io/api/v1/ip)"
      update 6 "$(ip addr show mngtmpaddr | awk '/inet6/{print $2; exit}' | cut -d/ -f1)"
    '';
  };

  systemd.mounts = lib.singleton
    {
      description = "backup volume";
      what   = "/dev/mapper/backup-maxwell";
      where  = "/mnt/backup";
      partOf = [ "backup.service" ];
    };

  systemd.services.backup =
  let
    saved = pkgs.writeText "backup-saved" ''
      /etc/lvm
      /var/lib
      /home
    '';

    excluded = pkgs.writeText "backup-excluded" ''
      /var/lib/systemd
      /var/lib/udisks2
      /var/lib/postgresql
      /var/lib/matrix-synapse/media_store/url_cache
      /var/lib/matrix-synapse/media_store/url_cache_thumbnails
    '';

  in {
    description = "system backup";
    after       = [ "mnt-backup.mount" ];
    requires    = [ "mnt-backup.mount" ];
    startAt     = "*-*-* 03:00";  # every day at 3:00
    onFailure   = [ "notify-failed@backup.service" ];

    serviceConfig = {
      Type = "oneshot";
      PrivateTmp = true;
      LimitNOFILE = 65536;
    };

    environment.BUP_DIR = "/mnt/backup";
    path = with pkgs; [ bup git nfs-utils sudo gzip postgresql ];

    script = ''
      # mount repository
      mkdir -p "$BUP_DIR"

      # init backup
      ! test -e $BUP_DIR/bupindex && bup init

      # build indices and save
      while read -r dir; do
        {
          name=$(basename "$dir")
          echo indexing $name...
          bup index "$dir" --exclude-from="${excluded}"
          echo done

          echo saving $name...
          bup save -n "$name" "$dir" || true
          echo done
        } || true
      done < "${saved}"

      # postgresql backup
      dir=/tmp/postgresql
      mkdir -p "$dir"

      echo dumping databases...
      sudo -u postgres pg_dumpall > "$dir"/db.bak
      echo done

      echo saving...
      bup index "$dir"
      bup save -n postgresql "$dir" --strip-path=/tmp
      echo done

      echo generating par2 files...
      bup fsck -j 8 -g
      echo done

      # prune backups every week
      if test $(( $(date +%s) / 86400 % 7 )) -eq 0; then
        echo pruning...
        bup prune-older --keep-all-for 6m --keep-monthlies-for 2y --unsafe
        echo done
      fi
    '';
  };


  systemd.services.namecoin-update =
  let
    userFile = with config.services.namecoind;
      pkgs.writeText "namecoin.conf" ''
      rpcbind=${rpc.address}
      rpcport=${toString rpc.port}
      rpcuser=${rpc.user}
      rpcpassword=${rpc.password}
      '';
  in {
    description = "update namecoin names";
    after       = [ "namecoind.service" ];
    startAt     = "hourly";
    onFailure   = [ "notify-failed@namecoin-update.service" ];

    path = [ pkgs.namecoind ];
    serviceConfig.Type = "oneshot";
    serviceConfig.ExecStart = "${pkgs.haskellPackages.namecoin-update}/bin/namecoin-update ${userFile}";
  };

}
initial commit 2020-10-20 01:11:28 +02:00			`{ config, pkgs, lib, ... }:`

			`with lib;`

			`{`

jobs: notify on failure 2022-10-18 18:24:45 +02:00			`systemd.services."notify-failed@" = {`
			`description = "notify that %i has failed";`
			`scriptArgs = "%i";`
			`path = [ pkgs.maxwell-notify ];`
			`script = ''`
			`unit=$1`
			`notify "$unit: failed. last log lines:"`
			`journalctl -u "$unit" -o cat -n 15 \| notify`
			`'';`
			`};`

jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`systemd.services.ydns = {`
initial commit 2020-10-20 01:11:28 +02:00			`description = "update ydns address record";`
			`after = [ "network-online.target" ];`
			`startAt = "*:0/30";`

			`serviceConfig.Type = "oneshot";`
secrets: reorganise environment files 2021-09-29 17:20:23 +02:00			`serviceConfig.environmentFile = config.secrets.environments.ydns;`
initial commit 2020-10-20 01:11:28 +02:00
			`path = with pkgs; [ curl cacert gawk iproute ];`
			`environment = {`
			`YDNS_HOST = config.var.hostname;`
			`CURL_CA_BUNDLE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";`
			`};`

			`script = ''`
			`update() {`
			`ret=$(curl -$1 --basic --silent \`
			`-u "$YDNS_USER:$YDNS_PASSWD" \`
			`"https://ydns.io/api/v1/update/?host=$YDNS_HOST&ip=$2" \|\| exit 0)`

			`case "$ret" in`
			`ok)`
			`echo "updated successfully: $YDNS_HOST ($2)"`
			`;;`

			`badauth)`
			`echo "updated failed: $YDNS_HOST (authentication failed)"`
			`;;`

			`*)`
			`echo "update failed: $YDNS_HOST ($ret)"`
			`;;`
			`esac`
			`}`

			`update 4 "$(curl -s -4 https://ydns.io/api/v1/ip)"`
			`update 6 "$(ip addr show mngtmpaddr \| awk '/inet6/{print $2; exit}' \| cut -d/ -f1)"`
			`'';`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`};`
initial commit 2020-10-20 01:11:28 +02:00
jobs: prune backups every 7 days 2023-07-11 12:15:05 +02:00			`systemd.mounts = lib.singleton`
			`{`
jobs: configure local backups 2024-03-19 14:09:33 +01:00			`description = "backup volume";`
			`what = "/dev/mapper/backup-maxwell";`
			`where = "/mnt/backup";`
			`partOf = [ "backup.service" ];`
jobs: prune backups every 7 days 2023-07-11 12:15:05 +02:00			`};`
initial commit 2020-10-20 01:11:28 +02:00
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`systemd.services.backup =`
			`let`
jobs: prune backups every 7 days 2023-07-11 12:15:05 +02:00			`saved = pkgs.writeText "backup-saved" ''`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`/etc/lvm`
			`/var/lib`
			`/home`
			`'';`
initial commit 2020-10-20 01:11:28 +02:00
jobs: prune backups every 7 days 2023-07-11 12:15:05 +02:00			`excluded = pkgs.writeText "backup-excluded" ''`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`/var/lib/systemd`
			`/var/lib/udisks2`
			`/var/lib/postgresql`
			`/var/lib/matrix-synapse/media_store/url_cache`
			`/var/lib/matrix-synapse/media_store/url_cache_thumbnails`
			`'';`
initial commit 2020-10-20 01:11:28 +02:00
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`in {`
			`description = "system backup";`
jobs: configure local backups 2024-03-19 14:09:33 +01:00			`after = [ "mnt-backup.mount" ];`
			`requires = [ "mnt-backup.mount" ];`
jobs: notify on failure 2022-10-18 18:24:45 +02:00			`startAt = "--* 03:00"; # every day at 3:00`
			`onFailure = [ "notify-failed@backup.service" ];`
initial commit 2020-10-20 01:11:28 +02:00
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`serviceConfig = {`
			`Type = "oneshot";`
			`PrivateTmp = true;`
			`LimitNOFILE = 65536;`
			`};`
initial commit 2020-10-20 01:11:28 +02:00
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`environment.BUP_DIR = "/mnt/backup";`
			`path = with pkgs; [ bup git nfs-utils sudo gzip postgresql ];`
initial commit 2020-10-20 01:11:28 +02:00
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`script = ''`
			`# mount repository`
			`mkdir -p "$BUP_DIR"`

			`# init backup`
			`! test -e $BUP_DIR/bupindex && bup init`

			`# build indices and save`
			`while read -r dir; do`
jobs: configure local backups 2024-03-19 14:09:33 +01:00			`{`
			`name=$(basename "$dir")`
			`echo indexing $name...`
			`bup index "$dir" --exclude-from="${excluded}"`
			`echo done`

			`echo saving $name...`
			`bup save -n "$name" "$dir" \|\| true`
			`echo done`
			`} \|\| true`
jobs: prune backups every 7 days 2023-07-11 12:15:05 +02:00			`done < "${saved}"`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00
			`# postgresql backup`
			`dir=/tmp/postgresql`
			`mkdir -p "$dir"`

			`echo dumping databases...`
jobs: configure local backups 2024-03-19 14:09:33 +01:00			`sudo -u postgres pg_dumpall > "$dir"/db.bak`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`echo done`

			`echo saving...`
			`bup index "$dir"`
			`bup save -n postgresql "$dir" --strip-path=/tmp`
			`echo done`
jobs: prune old backups 2022-10-18 00:08:58 +02:00
jobs: configure local backups 2024-03-19 14:09:33 +01:00			`echo generating par2 files...`
			`bup fsck -j 8 -g`
			`echo done`

jobs: prune backups every 7 days 2023-07-11 12:15:05 +02:00			`# prune backups every week`
			`if test $(( $(date +%s) / 86400 % 7 )) -eq 0; then`
			`echo pruning...`
			`bup prune-older --keep-all-for 6m --keep-monthlies-for 2y --unsafe`
			`echo done`
			`fi`
initial commit 2020-10-20 01:11:28 +02:00			`'';`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00			`};`


			`systemd.services.namecoin-update =`
			`let`
			`userFile = with config.services.namecoind;`
			`pkgs.writeText "namecoin.conf" ''`
			`rpcbind=${rpc.address}`
			`rpcport=${toString rpc.port}`
			`rpcuser=${rpc.user}`
			`rpcpassword=${rpc.password}`
			`'';`
			`in {`
			`description = "update namecoin names";`
			`after = [ "namecoind.service" ];`
			`startAt = "hourly";`
jobs: notify on failure 2022-10-18 18:24:45 +02:00			`onFailure = [ "notify-failed@namecoin-update.service" ];`
jobs: rework the backup script 2022-10-12 10:52:40 +02:00
			`path = [ pkgs.namecoind ];`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.ExecStart = "${pkgs.haskellPackages.namecoin-update}/bin/namecoin-update ${userFile}";`
			`};`
initial commit 2020-10-20 01:11:28 +02:00
			`}`