refactor: system skeleton instead of common files

2023-10-18 20:49:57 +02:00 · 2023-10-18 20:49:57 +02:00 · e1c55a9c68
commit e1c55a9c68
parent a5bc3f09f1
8 changed files with 3 additions and 7 deletions
--- a/skel/etc/cron.d/restic.crontab
+++ b/skel/etc/cron.d/restic.crontab
@ -0,0 +1,10 @@
+# /etc/cron.d/restic.crontab
+
+# every 4 hours create a backup
+0 */4 * * * root /neb/common/restic/backup.sh
+
+# every day at 2 in the morning, forget old backups
+0 2 * * * root /neb/common/restic/forget.sh
+
+# every 1st of the month at 2 in the morning, prune
+50 2 1 * * root /neb/common/restic/prune.sh
--- a/skel/etc/ssh/ssh_config.d/ixvd.conf
+++ b/skel/etc/ssh/ssh_config.d/ixvd.conf
@ -0,0 +1,21 @@
+#####################
+## IXVD ssh config ##
+#####################
+
+# This config describes what the bastion hose is and how to jump
+
+
+Host link
+    HostName link.ixvd.net
+
+Host keymaker
+    ProxyJump link
+
+Host apoc
+    ProxyJump link
+
+Host kid
+    ProxyJump link
+
+Host mouse
+    ProxyJump link
--- a/skel/opt/ixvd/ntfy.sh
+++ b/skel/opt/ixvd/ntfy.sh
@ -0,0 +1,100 @@
+#!/usr/bin/env bash
+
+ntfy_username=""
+ntfy_password=""
+ntfy_token=""
+
+help()
+{
+   echo "Options:"
+   echo "-t     Set the title of a message."
+   echo "-m     Your message."
+   echo "-p     Notification priority, 1-5, 5 is the highest.  (Optional)"
+   echo "-e     Choose emoji. (https://ntfy.sh/docs/emojis/?h=emo)"
+   echo "-s     Set the token for a message from a file"
+   echo "-u     specify url"
+   echo "-h     Print this help."
+   echo
+   echo "If you want to show if the last command was successful or not, you can do something like this:"
+   echo "yourcommand ; export le=$? ; /path/to/ntfy.sh"
+   echo
+}
+
+
+while getopts "t:m:p:e:s:u:h" option; do
+  case $option in
+    t) ntfy_topic="$OPTARG";;
+    m) ntfy_message="$OPTARG";;
+    p) ntfy_prio="$OPTARG";;
+    e) ntfy_emoji="$OPTARG";;
+    s) ntfy_token="$(cat $OPTARG)";;
+    u) ntfy_url="$OPTARG";;
+    h) help
+       exit;;
+    \?)
+       echo "Error: Invalid option"
+       exit;;
+  esac
+done
+shift $((OPTIND-1))
+
+if [ -z "$ntfy_message" ]; then
+  ntfy_message="Done"
+fi
+
+if [ "$ntfy_prio" == "1" ]; then
+  ntfy_prio="min"
+  ntfy_tag="white_small_square"
+elif [ "$ntfy_prio" == "2" ]; then
+  ntfy_prio="low"
+  ntfy_tag="computer"
+elif [ "$ntfy_prio" == "3" ]; then
+  ntfy_prio="default"
+  ntfy_tag="computer"
+elif [ "$ntfy_prio" == "4" ]; then
+  ntfy_prio="high"
+  ntfy_tag="warning"
+elif [ "$ntfy_prio" == "5" ]; then
+  ntfy_prio="max"
+  ntfy_tag="rotating_light"
+else
+  ntfy_prio="default"
+  ntfy_tag="computer"
+fi
+
+if [ -n "$ntfy_emoji" ]; then
+  ntfy_tag="$ntfy_emoji"
+fi
+
+if [ -n "$le" ]; then
+  if [ "$le" == "0" ]; then
+    ntfy_tag="heavy_check_mark"
+  else
+    ntfy_tag="x"
+  fi
+fi
+
+if [ -z "$ntfy_topic" ]; then
+  ntfy_topic="$HOSTNAME"
+fi
+
+if [[ -n $ntfy_password && -n $ntfy_token ]]; then
+  echo "Use ntfy_username and ntfy_password OR ntfy_token"
+  exit 1
+elif [ -n "$ntfy_password" ]; then
+  ntfy_base64=$( echo -n "$ntfy_username:$ntfy_password" | base64 )
+  ntfy_auth="Authorization: Basic $ntfy_base64"
+elif [ -n "$ntfy_token" ]; then
+  ntfy_auth="Authorization: Bearer $ntfy_token"
+else
+  ntfy_auth=""
+fi
+
+curl \
+    -X POST \
+    -H "$ntfy_auth" \
+    -H "Title: $ntfy_topic" \
+    -H "Tags: $ntfy_tag" \
+    -H "Priority: $ntfy_prio" \
+    -d "$ntfy_message" \
+    "$ntfy_url"
--- a/skel/opt/restic/backup.sh
+++ b/skel/opt/restic/backup.sh
@ -0,0 +1,17 @@
+#!/bin/sh
+
+ntfy() {
+    sh /opt/ixvd/ntfy.sh -s "/neb/secrets/ntfy/ixvd-backups" -u "https://push.ixvd.net/ixvd-backups" "$@"
+}
+
+ntfy -m "performing backup..."
+if restic \
+    -r "sftp://ixvd_backup_storage//$(hostname)" \
+    -p "/neb/secrets/restic/$(hostname).secret" \
+    backup \
+    --tag auto \
+    /srv /home /etc; then
+    ntfy -m "backup succeeded"
+else
+    ntfy -m "backup failed" -e "warning,skull"
+fi
--- a/skel/opt/restic/forget.sh
+++ b/skel/opt/restic/forget.sh
@ -0,0 +1,21 @@
+#!/bin/sh
+
+ntfy() {
+    sh /opt/ixvd/ntfy.sh -s "/neb/secrets/ntfy/ixvd-backups" -u "https://push.ixvd.net/ixvd-backups" "$@"
+}
+
+ntfy -m "forgetting old backups..."
+if restic \
+    -r "sftp://ixvd_backup_storage//$(hostname)" \
+    -p "/etc/ixvd/secrets/restic/$(hostname).secret" \
+    forget \
+    --keep-last 10 \
+    --keep-tag keep \
+    --keep-daily 20 \
+    --keep-weekly 20 \
+    --keep-monthly 6 \
+    --keep-yearly 10; then
+    ntfy -m "forget succeeded"
+else
+    ntfy -m "forget failed" -e "warning,skull"
+fi
--- a/skel/opt/restic/prune.sh
+++ b/skel/opt/restic/prune.sh
@ -0,0 +1,15 @@
+#!/bin/sh
+
+ntfy() {
+    sh /opt/ixvd/ntfy.sh -s "/neb/secrets/ntfy/ixvd-backups" -u "https://push.ixvd.net/ixvd-backups" "$@"
+}
+
+ntfy -m "pruning old backups..."
+if restic \
+    -r "sftp://ixvd_backup_storage//$(hostname)" \
+    -p "/etc/ixvd/secrets/restic/$(hostname).secret" \
+    prune; then
+    notify -m "pruning succeeded"
+else
+    notify -m "prune failed" -e "warning,skull"
+fi