{ config, pkgs, lib, ... }:
with lib;
{
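# Every 30 minutes, report this host's current IPv4 and IPv6 addresses to
# the ydns.io dynamic-DNS API.
systemd.services.ydns = {
  description = "update ydns address record";
  after = [ "network-online.target" ];
  startAt = "*:0/30";

  serviceConfig = {
    Type = "oneshot";
    # systemd directive names are case-sensitive, so the key has to be spelled
    # `EnvironmentFile`; with a lower-case first letter the file is not read.
    # The script below uses YDNS_USER and YDNS_PASSWD, which are not set in
    # `environment` and presumably come from this file (confirm its contents).
    EnvironmentFile = config.secrets.environments.ydns;
  };

  path = with pkgs; [ curl cacert gawk iproute ];

  environment = {
    YDNS_HOST = config.var.hostname;
    # Pin curl to the CA bundle shipped by nixpkgs for TLS verification.
    CURL_CA_BUNDLE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
  };

  script = ''
    # update <4|6> <address>: submit <address> for $YDNS_HOST, forcing curl
    # onto the given IP family, and log the API's answer.
    update() {
      # NOTE(review): -u places the credentials in curl's argv, where other
      # local users may be able to see them in the process list while the
      # request runs; curl's --netrc-file or --config options avoid that.
      #
      # The "|| exit 0" only leaves the command-substitution subshell, so a
      # failed curl produces an empty $ret and lands in the catch-all branch.
      ret=$(curl -$1 --basic --silent \
                 -u "$YDNS_USER:$YDNS_PASSWD" \
                 "https://ydns.io/api/v1/update/?host=$YDNS_HOST&ip=$2" || exit 0)

      case "$ret" in
        ok)
          echo "updated successfully: $YDNS_HOST ($2)"
          ;;

        badauth)
          # Message prefix aligned with the catch-all branch ("update failed")
          # so one log filter matches every failure.
          echo "update failed: $YDNS_HOST (authentication failed)"
          ;;

        *)
          echo "update failed: $YDNS_HOST ($ret)"
          ;;
      esac
    }

    # IPv4: ask ydns which public address it sees for this host.
    update 4 "$(curl -s -4 https://ydns.io/api/v1/ip)"
    # IPv6: first inet6 address that "ip addr show mngtmpaddr" prints,
    # with the prefix length cut off.
    update 6 "$(ip addr show mngtmpaddr | awk '/inet6/{print $2; exit}' | cut -d/ -f1)"
  '';
};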
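# Weekly bup backup of selected system directories plus a full PostgreSQL
# dump, written to a repository on an NFS share mounted for the duration
# of the run.
systemd.services.backup = {
  description = "run system backup";
  after = [ "network-online.target" ];
  startAt = "weekly";

  serviceConfig.Type = "oneshot";

  # NOTE(review): sudo, pg_dumpall, gzip, mountpoint and umount do not appear
  # to be provided by the packages listed here; confirm they resolve in this
  # unit's PATH.
  path = with pkgs; [ bup git nfs-utils ];

  # bup reads its repository location from BUP_DIR.
  environment.BUP_DIR = "/mnt/backup";

  script = ''
    ${pkgs.fish}/bin/fish << 'EOF'

    # directories to back up, one bup branch each
    set locations \
      /etc/lvm    \
      /etc/nixos  \
      /var/lib    \
      /home

    # paths left out of every index run
    set excluded \
      /var/lib/alsa     \
      /var/lib/systemd  \
      /var/lib/udisks2  \
      /var/lib/udev     \
      /var/lib/postgresql

    # mount NFS share
    # NOTE(review): only "nolock" is passed and no sec= option is set here.
    # The backup carries /home, /etc/nixos and a full database dump, so
    # confirm the export is limited to this host and the network path
    # between the two machines is trusted.
    mkdir -p $BUP_DIR
    mount.nfs -o nolock 192.168.1.3:/maxwell $BUP_DIR

    # check if properly mounted, so nothing is written to the local disk
    if not mountpoint -q $BUP_DIR
      echo mount failed! 1>&2
      exit 1
    end

    # init backup
    if not test -e $BUP_DIR/bupindex
      bup init
    end

    # build indices and copy
    for i in $locations
      # fish expands --exclude=$excluded to one --exclude=PATH argument per
      # list element, so the argument list needs no eval.
      bup index $i --exclude=$excluded
      bup save -n (basename $i) $i
    end

    # postgresql backup
    set dir /var/lib/postgresql-backup
    mkdir -p $dir
    # pg_dumpall output includes role definitions; keep the staging
    # directory closed to other local users while the dump sits on disk.
    chmod 700 $dir
    sudo -u postgres pg_dumpall | gzip > $dir/db.bak
    bup index $dir
    bup save -n postgresql $dir
    rm -rf $dir

    umount $BUP_DIR
    EOF
  '';
};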
# Hourly oneshot that runs namecoin-update with an RPC client configuration
# derived from the namecoind service options.
systemd.services.namecoin-update =
  let
    inherit (config.services.namecoind) rpc;

    # Client configuration handed to namecoin-update as its only argument.
    # NOTE(review): writeText stores this file, rpcpassword included, in the
    # Nix store, which every local user can read, and the store path also
    # appears in ExecStart. Consider generating it at runtime from a secret
    # kept outside the store.
    userFile = pkgs.writeText "namecoin.conf" ''
      rpcbind=${rpc.address}
      rpcport=${toString rpc.port}
      rpcuser=${rpc.user}
      rpcpassword=${rpc.password}
    '';
  in {
    description = "update namecoin names";
    after = [ "namecoind.service" ];
    startAt = "hourly";

    path = [ pkgs.namecoind ];

    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.haskellPackages.namecoin-update}/bin/namecoin-update ${userFile}";
    };
  };
}