From e6b2252a834c75c28bb440204e19adbf6dea44ae Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Av=C3=A9?=
Date: Mon, 10 Jun 2024 13:07:36 +0000
Subject: [PATCH] Add Vault.nix
---
home/Vault.nix | 107 +++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 107 insertions(+)
create mode 100644 home/Vault.nix
diff --git a/home/Vault.nix b/home/Vault.nix
new file mode 100644
index 0000000..f4e7c1d
--- /dev/null
+++ b/home/Vault.nix
@@ -0,0 +1,107 @@
+{ inputs, config, pkgs, ... }:
+let
+ notify_script = (pkgs.writers.writePython3Bin "telegram-notify.py" {
+ libraries = [ pkgs.python3Packages.python-telegram-bot ];
+ } ''
+ import telegram
+ import asyncio
+ import sys
+ import subprocess
+
+
+ async def run():
+ text = subprocess.check_output(
+ ["journalctl", "--user", "-u", sys.argv[1], "-b"]
+ ).decode("utf-8")
+
+ with open("/home/server/mail.log", "a") as f:
+ f.write("===========================================")
+ f.write(text)
+
+ bot = telegram.Bot(token="381718873:AAElFmI2BDjumCehhWicuksE0vutrPSkoGA")
+ chat_id = 125754925
+ await bot.send_message(
+ chat_id, "Vault encountered an error in the service: " + sys.argv[1]
+ )
+
+ await bot.send_message(chat_id, text)
+
+
+ if __name__ == "__main__":
+ loop = asyncio.get_event_loop()
+ loop.run_until_complete(asyncio.wait([loop.create_task(run())]))
+ loop.close()
+ '');
+ mkTimer = name: cfg: {
+ Install.WantedBy = [ "timers.target" ];
+ Timer = {
+ Persistent = true;
+ OnCalendar = cfg.when;
+ Unit = "${name}.service";
+ };
+ };
+ mkService = name: cfg: {
+ Unit.Description = name;
+ Unit.OnFailure = "status_notify@%n.service";
+ Install = { WantedBy = [ "default.target" ]; };
+ Service = { ExecStart = cfg.script; };
+ };
+ scripts = {
+ disk_check = {
+ when = "*-*-* *:00:00";
+ script = toString (pkgs.writeShellScript "script" ''
+ REPORT_EMAIL=email@thomasave.be
+ ZPOOL_STATUS=$(zpool status -x)
+ if [ "$ZPOOL_STATUS" = "all pools are healthy" ] || [ "$ZPOOL_STATUS" = "no pools available" ]
+ then
+ printf 0 > /var/db/zpool.status
+ else
+ if [ "$(cat /var/db/zpool.status)" -eq 0 ]
+ then
+ zpool status | mail -s "ZPOOL NOT HEALTHY" $REPORT_EMAIL
+ printf 1 > /var/db/zpool.status
+ fi
+ fi
+ '');
+ };
+ # backup = {
+ # when = "*-*-* 04:00:00";
+ # script = toString (pkgs.writeShellScript "script" ''
+ # ${./scripts/files/backup.sh}
+ # ${pkgs.curl}/bin/curl https://uptime.thomasave.be/api/push/R6iJcWqGp0
+ # '');
+ # };
+ };
+in {
+ home.username = "server";
+ home.homeDirectory = "/home/server";
+ nix = {
+ package = pkgs.nix;
+ settings.use-xdg-base-directories = true;
+ };
+
+ xdg.enable = true;
+ imports = [ (import ./common.nix { inherit inputs config pkgs; }) ./ssh ];
+ programs.ssh.matchBlocks."*".identityFile = "/home/server/.secrets/SSH/Vault/id_ed25519";
+
+ home.sessionVariables = {
+ NIX_PATH = "${config.xdg.stateHome}/nix/profiles/channels/";
+ LANG = "en_US.UTF-8";
+ XDG_RUNTIME_DIR = "/run/user/$(id -u)";
+ };
+
+ systemd.user.services = pkgs.lib.mapAttrs mkService scripts
+ // (pkgs.lib.mapAttrs mkService {
+ "status_notify@" = {
+ script = "${notify_script}/bin/telegram-notify.py %i";
+ };
+ });
+ systemd.user.timers = pkgs.lib.mapAttrs mkTimer scripts;
+
+ # Don't forget to enable these timers! Or reboot, after which it should also be activated automatically
+ # systemctl --user enable --now backup.timer
+ # systemctl --user enable --now sync_vault.timer
+ # systemctl --user enable --now mbsync.timer
+ # systemctl --user enable --now vdirsyncer.timer
+ # systemctl --user enable --now disk_check.timer
+}
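Review bot: The `telegram.Bot(token=...)` line in the embedded notify script carries the bot token as a string literal, so the credential lands in git history and in the world-readable Nix store; the commented-out `curl` push URL under `# backup` appears to embed a push key in the same way. Read the token at run time from a file outside the store instead, e.g. `with open("/home/server/.secrets/<telegram-token-file>") as f: token = f.read().strip()` followed by `bot = telegram.Bot(token=token)` (the path is a placeholder beside the existing `.secrets/SSH` key), and revoke the token that is already committed. Separately, the second `send_message` forwards the unit's entire boot journal to the chat, which can exceed Telegram's 4096-character message limit and ships unfiltered log content to a third party. Bounding the `journalctl` call, for instance by adding `"-n", "50"` to its argument list, would address both.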