maxwell/jobs.nix

{ config, pkgs, lib, ... }:

with lib;

{

systemd.services.ydns = {
    description = "update ydns address record";
    after    = [ "network-online.target" ];
    startAt  = "*:0/30";

    serviceConfig.Type = "oneshot";
    serviceConfig.environmentFile = config.secrets.ydns.environment;

    path = with pkgs; [ curl cacert gawk iproute ];
    environment = {
      YDNS_HOST      = config.var.hostname;
      CURL_CA_BUNDLE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
    };

    script = ''
      update() {
        ret=$(curl -$1 --basic --silent \
          -u "$YDNS_USER:$YDNS_PASSWD" \
          "https://ydns.io/api/v1/update/?host=$YDNS_HOST&ip=$2" || exit 0)

        case "$ret" in
          ok)
            echo "updated successfully: $YDNS_HOST ($2)"
            ;;

          badauth)
            echo "updated failed: $YDNS_HOST (authentication failed)"
            ;;

          *)
            echo "update failed: $YDNS_HOST ($ret)"
            ;;
        esac
      }

      update 4 "$(curl -s -4 https://ydns.io/api/v1/ip)"
      update 6 "$(ip addr show mngtmpaddr | awk '/inet6/{print $2; exit}' | cut -d/ -f1)"
    '';
};


systemd.services.backup = {
  description = "run system backup";
  after   = [ "network-online.target" ];
  startAt = "weekly";

  serviceConfig.Type = "oneshot";

  path = with pkgs; [ bup git nfs-utils ];

  environment.BUP_DIR = "/mnt/backup";

  script = ''
    ${pkgs.fish}/bin/fish << 'EOF'

    set locations \
      /etc/lvm    \
      /etc/nixos  \
      /var/lib    \
      /home

    set excluded       \
      /var/lib/alsa    \
      /var/lib/systemd \
      /var/lib/udisks2 \
      /var/lib/udev    \
      /var/lib/postgresql

    # mount NFS share
    mkdir -p $BUP_DIR
    mount.nfs -o nolock 192.168.1.3:/maxwell $BUP_DIR

    # check if properly mounted
    if not mountpoint -q $BUP_DIR
      echo mount failed! 1>&2
      exit 1
    end

    # init backup
    if not test -e $BUP_DIR/bupindex
      bup init
    end

    # build indices and copy
    for i in $locations
      eval bup index $i --exclude=(string join " --exclude=" $excluded)
      bup save -n (basename $i) $i
    end

    # postgresql backup
    set dir /var/lib/postgresql-backup
    mkdir -p $dir
    sudo -u postgres pg_dumpall | gzip > $dir/db.bak
    bup index $dir
    bup save -n postgresql $dir
    rm -rf $dir

    umount /mnt/backup
    EOF
  '';
};


systemd.services.namecoin-update =
let
  userFile = with config.services.namecoind;
    pkgs.writeText "namecoin.conf" ''
    rpcbind=${rpc.address}
    rpcport=${toString rpc.port}
    rpcuser=${rpc.user}
    rpcpassword=${rpc.password}
    '';
in {
  description = "update namecoin names";
  after       = [ "namecoind.service" ];
  startAt     = "hourly";

  path = [ pkgs.namecoind ];
  serviceConfig.Type = "oneshot";
  serviceConfig.ExecStart = "${pkgs.haskellPackages.namecoin-update}/bin/namecoin-update ${userFile}";
};

}
initial commit 2020-10-20 01:11:28 +02:00			`{ config, pkgs, lib, ... }:`

			`with lib;`

			`{`

			`systemd.services.ydns = {`
			`description = "update ydns address record";`
			`after = [ "network-online.target" ];`
			`startAt = "*:0/30";`

			`serviceConfig.Type = "oneshot";`
			`serviceConfig.environmentFile = config.secrets.ydns.environment;`

			`path = with pkgs; [ curl cacert gawk iproute ];`
			`environment = {`
			`YDNS_HOST = config.var.hostname;`
			`CURL_CA_BUNDLE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";`
			`};`

			`script = ''`
			`update() {`
			`ret=$(curl -$1 --basic --silent \`
			`-u "$YDNS_USER:$YDNS_PASSWD" \`
			`"https://ydns.io/api/v1/update/?host=$YDNS_HOST&ip=$2" \|\| exit 0)`

			`case "$ret" in`
			`ok)`
			`echo "updated successfully: $YDNS_HOST ($2)"`
			`;;`

			`badauth)`
			`echo "updated failed: $YDNS_HOST (authentication failed)"`
			`;;`

			`*)`
			`echo "update failed: $YDNS_HOST ($ret)"`
			`;;`
			`esac`
			`}`

			`update 4 "$(curl -s -4 https://ydns.io/api/v1/ip)"`
			`update 6 "$(ip addr show mngtmpaddr \| awk '/inet6/{print $2; exit}' \| cut -d/ -f1)"`
			`'';`
			`};`


			`systemd.services.backup = {`
			`description = "run system backup";`
			`after = [ "network-online.target" ];`
			`startAt = "weekly";`

			`serviceConfig.Type = "oneshot";`

			`path = with pkgs; [ bup git nfs-utils ];`

			`environment.BUP_DIR = "/mnt/backup";`

			`script = ''`
			`${pkgs.fish}/bin/fish << 'EOF'`

			`set locations \`
			`/etc/lvm \`
			`/etc/nixos \`
			`/var/lib \`
			`/home`

			`set excluded \`
			`/var/lib/alsa \`
			`/var/lib/systemd \`
			`/var/lib/udisks2 \`
			`/var/lib/udev \`
			`/var/lib/postgresql`

			`# mount NFS share`
			`mkdir -p $BUP_DIR`
			`mount.nfs -o nolock 192.168.1.3:/maxwell $BUP_DIR`

			`# check if properly mounted`
			`if not mountpoint -q $BUP_DIR`
			`echo mount failed! 1>&2`
			`exit 1`
			`end`

			`# init backup`
			`if not test -e $BUP_DIR/bupindex`
			`bup init`
			`end`

			`# build indices and copy`
			`for i in $locations`
			`eval bup index $i --exclude=(string join " --exclude=" $excluded)`
			`bup save -n (basename $i) $i`
			`end`

			`# postgresql backup`
			`set dir /var/lib/postgresql-backup`
			`mkdir -p $dir`
			`sudo -u postgres pg_dumpall \| gzip > $dir/db.bak`
			`bup index $dir`
			`bup save -n postgresql $dir`
			`rm -rf $dir`

			`umount /mnt/backup`
			`EOF`
			`'';`
			`};`


			`systemd.services.namecoin-update =`
			`let`
			`userFile = with config.services.namecoind;`
			`pkgs.writeText "namecoin.conf" ''`
			`rpcbind=${rpc.address}`
			`rpcport=${toString rpc.port}`
			`rpcuser=${rpc.user}`
			`rpcpassword=${rpc.password}`
			`'';`
			`in {`
			`description = "update namecoin names";`
			`after = [ "namecoind.service" ];`
			`startAt = "hourly";`

			`path = [ pkgs.namecoind ];`
			`serviceConfig.Type = "oneshot";`
			`serviceConfig.ExecStart = "${pkgs.haskellPackages.namecoin-update}/bin/namecoin-update ${userFile}";`
			`};`

			`}`