dotfiles/home/Vault.nix

{ inputs, config, pkgs, ... }:
let
  notify_script = (pkgs.writers.writePython3Bin "telegram-notify.py" {
    libraries = [ pkgs.python3Packages.python-telegram-bot ];
  } ''
    import telegram
    import asyncio
    import sys
    import subprocess


    async def run():
        text = subprocess.check_output(
            ["journalctl", "--user", "-u", sys.argv[1], "-b"]
        ).decode("utf-8")

        with open("/home/server/mail.log", "a") as f:
            f.write("===========================================")
            f.write(text)

        bot = telegram.Bot(token="381718873:AAElFmI2BDjumCehhWicuksE0vutrPSkoGA")
        chat_id = 125754925
        await bot.send_message(
            chat_id, "Vault encountered an error in the service: " + sys.argv[1]
        )

        await bot.send_message(chat_id, text)


    if __name__ == "__main__":
        loop = asyncio.get_event_loop()
        loop.run_until_complete(asyncio.wait([loop.create_task(run())]))
        loop.close()
  '');
  mkTimer = name: cfg: {
    Install.WantedBy = [ "timers.target" ];
    Timer = {
      Persistent = true;
      OnCalendar = cfg.when;
      Unit = "${name}.service";
    };
  };
  mkService = name: cfg: {
    Unit.Description = name;
    Unit.OnFailure = "status_notify@%n.service";
    Install = { WantedBy = [ "default.target" ]; };
    Service = { ExecStart = cfg.script; };
  };
  scripts = {
    disk_check = {
      when = "*-*-* *:00:00";
      script = toString (pkgs.writeShellScript "script" ''
        REPORT_EMAIL=email@thomasave.be
        ZPOOL_STATUS=$(zpool status -x)
        if [ "$ZPOOL_STATUS" = "all pools are healthy" ] || [ "$ZPOOL_STATUS" = "no pools available" ]
        then
            printf 0 > /var/db/zpool.status
        else
            if [ "$(cat /var/db/zpool.status)" -eq 0 ]
            then
                zpool status | mail -s "ZPOOL NOT HEALTHY" $REPORT_EMAIL
                printf 1 > /var/db/zpool.status
            fi
        fi
      '');
    };
    restic_etienne = {
      when = "*-*-* 01:00:00";
      script = toString (pkgs.writeShellScript "script" ''
              /Backup/Restic/Etienne/run.sh
              ${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/zGPrOi0NsJ
      '');
    };
    restic_magda_and_etienne = {
      when = "*-*-* 03:00:00";
      script = toString (pkgs.writeShellScript "script" ''
              /Backup/Restic/Magda\ and\ Etienne/run.sh
              ${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/yvBuDgduDd
      '');
    };
    restic_backblaze = {
      when = "*-*-* 02:00:00";
      script = toString (pkgs.writeShellScript "script" ''
              /Backup/Restic/BackBlaze/run.sh
              ${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/LVruVYTwTn
      '');
    };
    mail_sync = {
      when = "*-*-* 04:00:00";
      script = toString (pkgs.writeShellScript "script" ''
              cd /home/server/Containers/Mails && docker compose up sync-etienne sync-magda
              ${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/eEIPVGyrAx
      '');
    };
  };
in {
  home.username = "server";
  home.homeDirectory = "/home/server";
  nix = {
    package = pkgs.nix;
    settings.use-xdg-base-directories = true;
  };

  xdg.enable = true;
  imports = [ (import ./common.nix { inherit inputs config pkgs; }) ./ssh ];
  programs.ssh.matchBlocks."*".identityFile = "/home/server/.secrets/SSH/Vault/id_ed25519";

  home.sessionVariables = {
    NIX_PATH = "${config.xdg.stateHome}/nix/profiles/channels/";
    LANG = "en_US.UTF-8";
    XDG_RUNTIME_DIR = "/run/user/$(id -u)";
  };

  systemd.user.services = pkgs.lib.mapAttrs mkService scripts
    // (pkgs.lib.mapAttrs mkService {
      "status_notify@" = {
        script = "${notify_script}/bin/telegram-notify.py %i";
      };
    });
  systemd.user.timers = pkgs.lib.mapAttrs mkTimer scripts;

  # Don't forget to enable these timers! Or reboot, after which it should also be activated automatically
  # systemctl --user enable --now disk_check.timer
}
Add Vault.nix 2024-06-10 15:07:36 +02:00			`{ inputs, config, pkgs, ... }:`
			`let`
			`notify_script = (pkgs.writers.writePython3Bin "telegram-notify.py" {`
			`libraries = [ pkgs.python3Packages.python-telegram-bot ];`
			`} ''`
			`import telegram`
			`import asyncio`
			`import sys`
			`import subprocess`


			`async def run():`
			`text = subprocess.check_output(`
			`["journalctl", "--user", "-u", sys.argv[1], "-b"]`
			`).decode("utf-8")`

			`with open("/home/server/mail.log", "a") as f:`
			`f.write("===========================================")`
			`f.write(text)`

			`bot = telegram.Bot(token="381718873:AAElFmI2BDjumCehhWicuksE0vutrPSkoGA")`
			`chat_id = 125754925`
			`await bot.send_message(`
			`chat_id, "Vault encountered an error in the service: " + sys.argv[1]`
			`)`

			`await bot.send_message(chat_id, text)`


			`if __name__ == "__main__":`
			`loop = asyncio.get_event_loop()`
			`loop.run_until_complete(asyncio.wait([loop.create_task(run())]))`
			`loop.close()`
			`'');`
			`mkTimer = name: cfg: {`
			`Install.WantedBy = [ "timers.target" ];`
			`Timer = {`
			`Persistent = true;`
			`OnCalendar = cfg.when;`
			`Unit = "${name}.service";`
			`};`
			`};`
			`mkService = name: cfg: {`
			`Unit.Description = name;`
			`Unit.OnFailure = "status_notify@%n.service";`
			`Install = { WantedBy = [ "default.target" ]; };`
			`Service = { ExecStart = cfg.script; };`
			`};`
			`scripts = {`
			`disk_check = {`
			`when = "--* *:00:00";`
			`script = toString (pkgs.writeShellScript "script" ''`
			`REPORT_EMAIL=email@thomasave.be`
			`ZPOOL_STATUS=$(zpool status -x)`
			`if [ "$ZPOOL_STATUS" = "all pools are healthy" ] \|\| [ "$ZPOOL_STATUS" = "no pools available" ]`
			`then`
			`printf 0 > /var/db/zpool.status`
			`else`
			`if [ "$(cat /var/db/zpool.status)" -eq 0 ]`
			`then`
			`zpool status \| mail -s "ZPOOL NOT HEALTHY" $REPORT_EMAIL`
			`printf 1 > /var/db/zpool.status`
			`fi`
			`fi`
			`'');`
			`};`
Mon Jun 10 01:21:53 PM UTC 2024 2024-06-10 15:21:53 +02:00			`restic_etienne = {`
			`when = "--* 01:00:00";`
			`script = toString (pkgs.writeShellScript "script" ''`
			`/Backup/Restic/Etienne/run.sh`
			`${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/zGPrOi0NsJ`
			`'');`
			`};`
			`restic_magda_and_etienne = {`
			`when = "--* 03:00:00";`
			`script = toString (pkgs.writeShellScript "script" ''`
			`/Backup/Restic/Magda\ and\ Etienne/run.sh`
			`${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/yvBuDgduDd`
			`'');`
			`};`
			`restic_backblaze = {`
			`when = "--* 02:00:00";`
			`script = toString (pkgs.writeShellScript "script" ''`
			`/Backup/Restic/BackBlaze/run.sh`
			`${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/LVruVYTwTn`
			`'');`
			`};`
			`mail_sync = {`
			`when = "--* 04:00:00";`
			`script = toString (pkgs.writeShellScript "script" ''`
			`cd /home/server/Containers/Mails && docker compose up sync-etienne sync-magda`
			`${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/eEIPVGyrAx`
			`'');`
			`};`
Add Vault.nix 2024-06-10 15:07:36 +02:00			`};`
			`in {`
			`home.username = "server";`
			`home.homeDirectory = "/home/server";`
			`nix = {`
			`package = pkgs.nix;`
			`settings.use-xdg-base-directories = true;`
			`};`

			`xdg.enable = true;`
			`imports = [ (import ./common.nix { inherit inputs config pkgs; }) ./ssh ];`
			`programs.ssh.matchBlocks."*".identityFile = "/home/server/.secrets/SSH/Vault/id_ed25519";`

			`home.sessionVariables = {`
			`NIX_PATH = "${config.xdg.stateHome}/nix/profiles/channels/";`
			`LANG = "en_US.UTF-8";`
			`XDG_RUNTIME_DIR = "/run/user/$(id -u)";`
			`};`

			`systemd.user.services = pkgs.lib.mapAttrs mkService scripts`
			`// (pkgs.lib.mapAttrs mkService {`
			`"status_notify@" = {`
			`script = "${notify_script}/bin/telegram-notify.py %i";`
			`};`
			`});`
			`systemd.user.timers = pkgs.lib.mapAttrs mkTimer scripts;`

			`# Don't forget to enable these timers! Or reboot, after which it should also be activated automatically`
			`# systemctl --user enable --now disk_check.timer`
			`}`