yanlin/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

remove gotify and borg integrety check

Browse source
This commit is contained in:
Yan Lin 2025-10-10 01:24:22 +02:00
parent 4e4294d334
commit 397e97561c
11 changed files with 18 additions and 986 deletions
Download patch file Download diff file Expand all files Collapse all files

192
modules/borg-client.nix
View file

@ -139,56 +139,6 @@ in
example = "echo 'Backup completed.'";
description = "Commands to run after successful backup";
};
enableNotifications = mkOption {
type = types.bool;
default = false;
description = "Enable Gotify notifications for backup status";
};
gotifyUrl = mkOption {
type = types.str;
default = "";
example = "https://notify.yanlincs.com";
description = "Gotify server URL for notifications";
};
gotifyToken = mkOption {
type = types.str;
default = "";
example = "Ac9qKFH5cA.7Yly";
description = "Gotify API token for notifications";
};
enableIntegrityCheck = mkOption {
type = types.bool;
default = false;
description = "Enable regular integrity checks of the Borg repository";
};
integrityCheckFrequency = mkOption {
type = types.str;
default = "weekly";
example = "Sun *-*-* 04:00:00";
description = "Systemd timer frequency for integrity checks (OnCalendar format)";
};
integrityCheckDepth = mkOption {
type = types.enum [ "repository" "archives" "data" ];
default = "archives";
description = ''
Depth of integrity check:
- repository: Check repository consistency only (fastest)
- archives: Check repository and archive metadata (recommended)
- data: Full data verification including content (slowest)
'';
};
integrityCheckLastArchives = mkOption {
type = types.int;
default = 3;
description = "Number of most recent archives to check when using data verification";
};
};
config = mkIf cfg.enable {
@ -244,36 +194,8 @@ in
"--keep-yearly ${toString keepYearly}"
];
in ''
# Error handling function for notifications
send_error_notification() {
local error_msg="$1"
echo "ERROR: $error_msg" >&2
if [ "${toString cfg.enableNotifications}" = "1" ] && [ -n "${cfg.gotifyUrl}" ] && [ -n "${cfg.gotifyToken}" ]; then
/home/yanlin/.config/nix/scripts/gotify-notify.sh \
"${cfg.gotifyUrl}" \
"${cfg.gotifyToken}" \
"high" \
"Backup Failed" \
"$error_msg" || echo "Failed to send error notification" >&2
fi
}
# Helper function for safe notifications (non-blocking)
send_success_notification() {
local message="$1"
echo "INFO: $message"
if [ "${toString cfg.enableNotifications}" = "1" ] && [ -n "${cfg.gotifyUrl}" ] && [ -n "${cfg.gotifyToken}" ]; then
/home/yanlin/.config/nix/scripts/gotify-notify.sh \
"${cfg.gotifyUrl}" \
"${cfg.gotifyToken}" \
"normal" \
"Backup Completed" \
"$message" || echo "Failed to send success notification (non-critical)" >&2
fi
}
# Only trap critical failures - not notification or parsing failures
trap 'send_error_notification "Critical backup failure with exit code $? at line $LINENO"; exit 1' ERR
# Error handling
trap 'echo "ERROR: Critical backup failure with exit code $? at line $LINENO" >&2; exit 1' ERR
set -e
# Set SSH command for remote repositories
@ -394,15 +316,12 @@ in
# Add basic success info
BACKUP_STATS="Backup completed successfully. ''$BACKUP_STATS"
echo "Backup statistics: ''$BACKUP_STATS"
# Send notification (non-blocking)
send_success_notification "''$BACKUP_STATS"
} || {
echo "WARNING: Statistics extraction or notification failed, but backup succeeded" >&2
send_success_notification "Backup completed successfully for ${config.networking.hostName}"
echo "WARNING: Statistics extraction failed, but backup succeeded" >&2
echo "Backup completed successfully for ${config.networking.hostName}"
}
echo "Backup process completed successfully"
@ -421,97 +340,8 @@ in
};
};
# Enable and start the timers
systemd.targets.multi-user.wants = [ "borg-backup.timer" ]
++ (if cfg.enableIntegrityCheck then [ "borg-integrity-check.timer" ] else []);
# Systemd service for integrity checks
systemd.services.borg-integrity-check = mkIf cfg.enableIntegrityCheck {
description = "Borg Repository Integrity Check";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
# Add borg and required tools to the service's PATH
path = [ pkgs.borgbackup pkgs.openssh pkgs.curl ];
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
# Security settings
PrivateTmp = true;
ProtectSystem = "strict";
# Disable ProtectHome for SSH repositories to allow SSH key access
ProtectHome = mkIf (!(lib.hasPrefix "ssh://" cfg.repositoryUrl)) "read-only";
# Only add ReadWritePaths for local repositories
ReadWritePaths = mkIf (!(lib.hasPrefix "ssh://" cfg.repositoryUrl)) [ cfg.repositoryUrl ];
# Environment
Environment = [
"BORG_REPO=${cfg.repositoryUrl}"
"BORG_RELOCATED_REPO_ACCESS_IS_OK=yes"
"BORG_UNKNOWN_UNENCRYPTED_REPO_ACCESS_IS_OK=no"
];
EnvironmentFile = mkIf (cfg.passphraseFile != "") cfg.passphraseFile;
};
script = ''
# Set SSH command for remote repositories
export BORG_RSH="${cfg.sshCommand}"
# Load passphrase from environment file
if [ -f "${cfg.passphraseFile}" ]; then
source "${cfg.passphraseFile}"
fi
# Ensure root has access to SSH keys for remote repositories
if [[ "${cfg.repositoryUrl}" == ssh://* ]]; then
mkdir -p /root/.ssh
chmod 700 /root/.ssh
# Copy SSH config if it exists
if [ -f /home/yanlin/.ssh/config ]; then
cp /home/yanlin/.ssh/config /root/.ssh/config
chmod 600 /root/.ssh/config
fi
# Copy necessary SSH keys
if [ -d /home/yanlin/.ssh/keys ]; then
cp -r /home/yanlin/.ssh/keys /root/.ssh/
chmod -R 600 /root/.ssh/keys
fi
# Copy known_hosts to avoid host key verification issues
if [ -f /home/yanlin/.ssh/known_hosts ]; then
cp /home/yanlin/.ssh/known_hosts /root/.ssh/known_hosts
chmod 600 /root/.ssh/known_hosts
fi
fi
# Run the integrity check script
/home/yanlin/.config/nix/scripts/borg-integrity-check.sh \
"${cfg.repositoryUrl}" \
"${cfg.integrityCheckDepth}" \
"${toString cfg.integrityCheckLastArchives}" \
"${toString cfg.enableNotifications}" \
"${cfg.gotifyUrl}" \
"${cfg.gotifyToken}" \
"${config.networking.hostName}"
'';
};
# Systemd timer for scheduled integrity checks
systemd.timers.borg-integrity-check = mkIf cfg.enableIntegrityCheck {
description = "Borg Integrity Check Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.integrityCheckFrequency;
Persistent = true;
RandomizedDelaySec = "1h"; # Add randomization to avoid load spikes
};
};
# Enable and start the backup timer
systemd.targets.multi-user.wants = [ "borg-backup.timer" ];
# Create a convenience script for manual backups
environment.etc."borg-backup-manual" = {
@ -536,10 +366,6 @@ in
borg-backup-now = "sudo systemctl start borg-backup.service";
borg-list = "BORG_REPO='${cfg.repositoryUrl}' BORG_RSH='${cfg.sshCommand}' borg list";
borg-info = "BORG_REPO='${cfg.repositoryUrl}' BORG_RSH='${cfg.sshCommand}' borg info";
} // (if cfg.enableIntegrityCheck then {
borg-check-now = "sudo systemctl start borg-integrity-check.service";
borg-check-status = "systemctl status borg-integrity-check.service borg-integrity-check.timer";
borg-check-logs = "journalctl -u borg-integrity-check.service -f";
} else {});
};
};
}

23
modules/container-updater.nix
View file

@ -27,33 +27,12 @@ in
List of container names to exclude from automatic updates.
'';
};
enableNotifications = mkOption {
type = types.bool;
default = false;
description = "Enable Gotify notifications for update status";
};
gotifyUrl = mkOption {
type = types.str;
default = "";
example = "https://notify.yanlincs.com";
description = "Gotify server URL for notifications";
};
gotifyToken = mkOption {
type = types.str;
default = "";
example = "Ac9qKFH5cA.7Yly";
description = "Gotify API token for notifications";
};
};
config = mkIf cfg.enable {
# Ensure the update script exists and is executable
system.activationScripts.container-updater = ''
chmod +x /home/yanlin/.config/nix/scripts/container-update.sh
chmod +x /home/yanlin/.config/nix/scripts/gotify-notify.sh
'';
# Shell alias for manual execution
@ -68,8 +47,6 @@ in
wants = [ "network-online.target" ];
environment = {
GOTIFY_URL = mkIf cfg.enableNotifications cfg.gotifyUrl;
GOTIFY_TOKEN = mkIf cfg.enableNotifications cfg.gotifyToken;
EXCLUDE_CONTAINERS = concatStringsSep "," cfg.excludeContainers;
};

98
modules/smart-report.nix
View file

@ -1,98 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.smart-report;
# Create the smart-report script wrapper
smartReportScript = pkgs.writeShellScriptBin "smart-report" ''
set -euo pipefail
# Set environment variable if drives are configured
${optionalString (cfg.drives != {}) ''
export SMART_DRIVES="${concatStringsSep ";" (mapAttrsToList (device: name: "${device}:${name}") cfg.drives)}"
''}
# Execute the actual script
exec ${pkgs.bash}/bin/bash ${cfg.scriptPath} ${cfg.gotifyToken}
'';
in {
options.services.smart-report = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable SMART disk health reporting";
};
drives = mkOption {
type = types.attrsOf types.str;
default = {};
description = "Drives to monitor (device path -> name mapping)";
example = {
"/dev/disk/by-id/ata-Samsung_SSD" = "System_SSD";
};
};
scriptPath = mkOption {
type = types.str;
default = "/home/yanlin/.config/nix/scripts/daily-smart-report.sh";
description = "Path to the SMART report script";
};
gotifyToken = mkOption {
type = types.str;
description = "Gotify notification token";
};
schedule = mkOption {
type = types.str;
default = "08:00:00";
description = "Time to run the daily report (systemd calendar format)";
};
enableSystemdService = mkOption {
type = types.bool;
default = false;
description = "Enable systemd timer for automatic daily reports";
};
};
config = mkIf cfg.enable {
# Install the wrapper script package
environment.systemPackages = [ smartReportScript ];
# Shell alias for manual execution
environment.shellAliases = {
smart-report-now = "sudo systemctl start daily-smart-report.service";
};
# Configure systemd service if enabled
systemd.services.daily-smart-report = mkIf cfg.enableSystemdService {
description = "Daily SMART Health Report";
after = [ "multi-user.target" ];
path = with pkgs; [ smartmontools bash coreutils gnugrep gawk gnused curl ];
environment = {
SMART_DRIVES = concatStringsSep ";" (mapAttrsToList (device: name: "${device}:${name}") cfg.drives);
};
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = "${smartReportScript}/bin/smart-report";
StandardOutput = "journal";
StandardError = "journal";
};
};
systemd.timers.daily-smart-report = mkIf cfg.enableSystemdService {
description = "Daily SMART Report Timer";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = cfg.schedule;
Persistent = true;
RandomizedDelaySec = "5m";
};
};
};
}

51
modules/yt-dlp.nix
View file

@ -23,26 +23,6 @@ in
example = "/mnt/storage/videos";
description = "Base directory for downloaded videos";
};
enableNotifications = mkOption {
type = types.bool;
default = false;
description = "Enable Gotify notifications for download status";
};
gotifyUrl = mkOption {
type = types.str;
default = "";
example = "https://notify.yanlincs.com";
description = "Gotify server URL for notifications";
};
gotifyToken = mkOption {
type = types.str;
default = "";
example = "Ac9qKFH5cA.7Yly";
description = "Gotify API token for notifications (host-specific)";
};
};
config = mkIf cfg.enable {
@ -104,11 +84,6 @@ in
MAX_RETRIES=10
BASE_DELAY=10
# Notification configuration
ENABLE_NOTIFICATIONS="${toString cfg.enableNotifications}"
GOTIFY_URL="${cfg.gotifyUrl}"
GOTIFY_TOKEN="${cfg.gotifyToken}"
# Helper function to create writable cookie file
_setup_temp_cookies() {
local cookies_file="$1"
@ -122,26 +97,6 @@ in
fi
}
# Notification helper function
_send_download_notification() {
local priority="$1"
local title="$2"
local message="$3"
if [[ "$ENABLE_NOTIFICATIONS" == "1" ]] && [[ -n "$GOTIFY_URL" ]] && [[ -n "$GOTIFY_TOKEN" ]]; then
if [[ -x "$HOME/.config/nix/scripts/gotify-notify.sh" ]]; then
"$HOME/.config/nix/scripts/gotify-notify.sh" \
"$GOTIFY_URL" \
"$GOTIFY_TOKEN" \
"$priority" \
"$title" \
"$message" 2>/dev/null || echo "Failed to send notification (non-critical)" >&2
else
echo "Notification script not found or not executable" >&2
fi
fi
}
# Retry wrapper function with exponential backoff
_retry_download() {
local cmd="$1"
@ -353,9 +308,6 @@ in
echo " Download completed successfully"
fi
# Send success notification
_send_download_notification "normal" "Download Completed" "$success_msg"
local result=0
else
# Build failure message
@ -369,9 +321,6 @@ in
echo " Download failed after $MAX_RETRIES attempts"
fi
# Send failure notification
_send_download_notification "high" "Download Failed" "$fail_msg"
local result=1
fi