Backup workflow improvements

* move tunnel for nextcloud-web into separate file
* add script to check for running backups and shut down the server otherwise
Hendrik Sokolowski 2022-11-27 21:17:33 +01:00
parent e10f277854
commit 60ca29289e
Signed by untrusted user: hensoko
GPG key ID: 5C36A01B80BCCC59
3 changed files with 77 additions and 20 deletions


@ -7,6 +7,8 @@ in
{ {
imports = [ imports = [
./configuration.nix ./configuration.nix
./nextcloud-web-tunnel.nix
./restic-backup.nix
]; ];
config = { config = {
@ -27,26 +29,6 @@ in
} }
]; ];
services.openssh.knownHosts = {
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
};
systemd.services.ssh-tunnel-cloud-pub-solar = {
unitConfig = {
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
After = [ "network.target" ];
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
User = psCfg.user.name;
Group = "users";
Restart = "always";
RestartSec = "5s";
};
wantedBy = [ "default.target" ];
};
services.ddclient = { services.ddclient = {
enable = true; enable = true;
ipv6 = true; ipv6 = true;


@ -0,0 +1,25 @@
{ pkgs, ... }:
{
config = {
services.openssh.knownHosts = {
"cloud.pub.solar".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIABPJSwr9DfnqV0KoL23BcxlWtRxuOqQpnFnCv4SG/LW";
};
systemd.services.ssh-tunnel-cloud-pub-solar = {
unitConfig = {
Description = "Reverse SSH connection to enable backups from IPv4-only to IPv6-only host";
After = [ "network.target" ];
};
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.openssh}/bin/ssh -vvv -g -N -T -o 'ServerAliveInterval 10' -o 'ExitOnForwardFailure yes' -R 127.0.0.1:22022:localhost:22 root@cloud.pub.solar";
User = psCfg.user.name;
Group = "users";
Restart = "always";
RestartSec = "5s";
};
wantedBy = [ "default.target" ];
};
};
}
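Review bot: `User = psCfg.user.name;` refers to `psCfg`, but this new file takes only `{ pkgs, ... }:` and has no `let`, so as shown the module should fail to evaluate with an undefined variable. The binding that the original file presumably has above its `in` (outside the visible hunk) needs to be carried over, or the user name passed in some other way. Separately, the tunnel logs in as `root@cloud.pub.solar` although `-N -T` only needs the forward; a dedicated account on that host whose `authorized_keys` entry is limited with `restrict,port-forwarding` would narrow what the key held on this machine can do. `-vvv` in a `Restart = "always"` unit also writes debug-level output to the journal on every reconnect.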


@ -0,0 +1,50 @@
{ pkgs, ... }:
let
shutdownWaitMinutes = 15;
shutdownScript = pkgs.writeScript "shutdown" ''
STATUS_FILES="/media/internal/backups-pub-solar/status"
running=""
for f in $STATUS_FILES; do
declare started
declare finished
started=$(source $f ; echo ''${BACKUP_STARTED})
finished=$(source $f ; echo ''${BACKUP_FINISHED})
if [ -z "''${finished}" ]; then
echo "backup $(dirname $f) still running"
running="yes"
break
fi
done
if [ -n "''${running}" ] && [ "''${running}" = "yes" ]; then
echo "backups are still running"
exit 1
fi
echo "WARNING: System will be shut down within the next 15 minutes" | wall
sleep 10
shutdown -P +${builtins.toString shutdownWaitMinutes}
'';
in
{
systemd.services."shutdown-after-backup" = {
enable = true;
serviceConfig = {
ExecStart = shutdownScript;
};
};
systemd.timers."shutdown-after-backup" = {
enable = true;
serviceConfig = {
OnCalendar = "3..9:*";
};
};
}
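Review bot: The loop in `shutdownScript` runs `source $f` on each status file, and the unit sets no `User=`, so it presumably runs as root and executes whatever the backup side writes under `/media/internal/backups-pub-solar/status`. Reading the single value instead, e.g. `finished=$(sed -n 's/^BACKUP_FINISHED=//p' "$f")` (assuming plain `KEY=value` lines), avoids that; `started` is assigned but never used. Two things look like they keep the job from running at all: `pkgs.writeScript` emits no shebang although the body uses `declare` and `source` (`pkgs.writeShellScript` adds one), and `systemd.timers` expects `timerConfig` rather than `serviceConfig`, plus `wantedBy = [ "timers.target" ];` for the timer to be started. The `wall` message hard-codes 15 minutes instead of interpolating `shutdownWaitMinutes`.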