diff --git a/backup_forgejo.sh b/backup_forgejo.sh
new file mode 100644
index 0000000..898b532
--- /dev/null
+++ b/backup_forgejo.sh
@@ -0,0 +1,119 @@
+#!/bin/bash
+
+version="0.1"
+
+backup_path=none
+backup_user=none
+server=none
+ssh_port=none
+mail_config=none
+mail=none
+
+usage()
+{
+ echo "[-v] [-h] [-d directory] [-u user] [-s server] [-p port] [-a mail-config] [-m mail]"
+}
+
+version()
+{
+ echo "backup script: $version"
+}
+
+get_ops()
+{
+ while getopts duspam: opt; do
+ case $opt in
+ d) backup_path=$OPTARG ;;
+ u) backup_user=$OPTARG ;;
+ s) server=$OPTARG ;;
+ p) ssh_port=$OPTARG ;;
+ a) mail_config=$OPTARG ;;
+ m) mail=$OPTARG ;;
+ *) echo 'error in command line parsing' >&2
+ exit 1
+ esac
+ done
+}
+
+get_ops $*
+
+if [ "$backup_path" = "none" ]; then
+ echo "missing backup path";
+ exit 1
+fi
+
+if [ "$backup_user" = "none" ]; then
+ echo "missing backup user";
+ exit 1
+fi
+
+if [ "$server" = "none" ]; then
+ echo "missing backup server address";
+ exit 1
+fi
+
+if [ "$ssh_port" = "none" ]; then
+ echo "missing backup server port";
+ exit 1
+fi
+
+# make sure we are in the correct dir (locally)
+cd $backup_path
+mkdir -p backups
+outfile="backups/backup_$(date +%Y_%m_%d).zip"
+
+# result flags
+success=true
+failure_reason="Unknown."
+
+# create backup
+forgejo dump -c /etc/forgejo/app.ini -f $outfile
+
+# check for success
+if [ $? -ne 0 ]; then
+ failure_reason="Failed to create forgejo backup."
+ echo $failure_reason
+ success=false
+fi
+
+# query size of output file
+outfile_size=$(ls -l $outfile | cut -d ' ' -f5 | numfmt --to iec)
+backup_dir_size=0
+
+# copy backup to backup server
+if [ "$success" = true ] ; then
+ # check if ssh files are present (went missing in the past)
+ if [[ -f ~/.ssh/id_rsa && -f ~/.ssh/id_rsa.pub ]]; then
+ # simple scp to backup server
+ scp -P $ssh_port $outfile $backup_user@$server:$backup_path
+ scp_return=$?
+ echo scp code $scp_return + + # check for success + if [ $scp_return -eq 0 ]; then + rm $outfile + backup_dir_size=$(ssh -n $backup_user@$server -p $ssh_port "ls -l $backup_path" | awk '{sum += $5} END {print sum}' | numfmt --to iec) + success=true + else + failure_reason="scp failed." + success=false + fi + else + failure_reason="Missing rsa file." + echo $failure_reason + success=false + fi +fi + +echo $success + +if [ "$mail_config" != "none" ] && [ "$mail" != "none" ]; then + # send info mail to configured mail address + if [ "$success" = true ] ; then + echo "reporting success" + printf "Subject: Forgejo Backup - Success\n\nBackup ran successfully. Backup size: $outfile_size. Backup dir size: $backup_dir_size" | msmtp -a $mail_config $mail + else + echo "reporting failure" + printf "Subject: Forgejo Backup - Failure\n\n$failure_reason" | msmtp -a $mail_config $mail + fi +fi diff --git a/dev_system.nix b/dev_system.nix index a38bacc..ea1d19b 100644 --- a/dev_system.nix +++ b/dev_system.nix @@ -19,6 +19,26 @@ in }; }; + users.users = { + # connection only via ssh key + pipeline = { + isNormalUser = true; + home = "/home/pipeline"; + description = "User used by forgejo runners to connect to this system"; + extraGroups = [ "docker" ]; + openssh.authorizedKeys.keys = [ "TODO" ]; + }; + + # connection only via hashed password; + dev = { + isNormalUser = true; + home = "/home/dev"; + description = "User used to manually connect to this system (e.g. for maintenance)"; + extraGroups = [ "docker" "wheel" ]; + hashesPassword = "TODO"; + } + }; + environment.systemPackages = with pkgs; [ git ]; diff --git a/git_system.nix b/git_system.nix index 74d2d91..964c267 100644 --- a/git_system.nix +++ b/git_system.nix @@ -11,14 +11,6 @@ let srv = cfg.settings.server; in { - imports = [ - # include NixOS-WSL modules - - ]; - - wsl.enable = true; - wsl.defaultUser = "nixos"; - system.stateVersion = "24.11"; nix = { 
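Review bot: The optstring `duspam:` in get_ops declares only `-m` as taking an argument, so for `-d`, `-u`, `-s`, `-p` and `-a` the value of `$OPTARG` is empty and parsing stops at the first non-option word; the empty strings then pass every `= "none"` check, `cd $backup_path` falls back to the home directory, and scp/ssh are invoked with an empty user, host and port. Use `while getopts d:u:s:p:a:m: opt; do`, call it as `get_ops "$@"`, and make the directory change fatal with `cd "$backup_path" || exit 1`. The remaining expansions (`$outfile`, `$backup_user@$server:$backup_path`, and `$backup_path` inside the remote `ls -l` string) are unquoted as well, so a path with spaces or shell metacharacters is word-split locally and re-parsed by the remote shell. The archive written by `forgejo dump` normally carries the database and configuration, so setting `umask 077` before the dump would keep it from being created with default permissions.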
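Review bot: `hashesPassword` in the `dev` user is not a NixOS user option (the option is `hashedPassword`), and the `}` that closes `dev = {` has no `;`, so this file will not evaluate as written; the same two lines are repeated in the `users.users` hunks of git_system.nix and runner_system.nix. A hash written inline also lands in the world-readable Nix store; if agenix is available on these hosts, as the `config.age.secrets` reference in runner_system.nix suggests, `hashedPasswordFile = config.age.secrets.<dev-password-secret>.path;` (placeholder secret name) keeps it out. Both users are placed in the `docker` group, which is effectively root on the host, so the `pipeline` account that CI runners log into is not a low-privilege account. The comments "connection only via ssh key" and "only via hashed password" are not enforced by anything in this hunk; whether sshd restricts authentication methods would need to be confirmed elsewhere in the file.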
@@ -31,6 +23,17 @@ in git ]; + users.users = { + # connection only via hashed password; + dev = { + isNormalUser = true; + home = "/home/dev"; + description = "User used to manually connect to this system (e.g. for maintenance)"; + extraGroups = [ "docker" "wheel" ]; + hashesPassword = "TODO"; + } + }; + virtualisation.docker = { enable = true; }; diff --git a/runner_system.nix b/runner_system.nix index 3a311dd..0f5fb1f 100644 --- a/runner_system.nix +++ b/runner_system.nix @@ -24,6 +24,17 @@ in forgejo-runner ]; + users.users = { + # connection only via hashed password; + dev = { + isNormalUser = true; + home = "/home/dev"; + description = "User used to manually connect to this system (e.g. for maintenance)"; + extraGroups = [ "docker" "wheel" ]; + hashesPassword = "TODO"; + } + }; + virtualisation.docker = { enable = true; }; @@ -40,5 +51,19 @@ in }; # TODO: forgejo runner + gitea-actions-runner = { + package = pkgs.forgejo-actions-runner; + instances.default = { + enable = true; + name = "default-runner"; + url = "TODO"; + tokenFile = config.age.secrets.forgejo-runner-token.path; + labels = [ + "ubuntu-latest:docker://node:16-bullseye" + "ubuntu-22.04:docker://node:16-bullseye" + "ubuntu-20.04:docker://node:16-bullseye" + ]; + } + } }; } \ No newline at end of file
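Review bot: In the last runner_system.nix hunk the `}` closing `instances.default = {` and the `}` closing `gitea-actions-runner = {` are both missing their `;`, which is a Nix syntax error; each should read `};`. All three labels map jobs onto `docker://node:16-bullseye`, a mutable tag on a Node.js release line that is end-of-life, so job containers start from an image that no longer receives runtime security fixes and whose content can change underneath the runner; consider a supported tag pinned by digest, e.g. `"ubuntu-latest:docker://node:<supported-tag>@sha256:<digest>"` (placeholders). `url = "TODO"` also has to be filled in before the instance can register. The enclosing attribute set opens outside the hunk, so I am assuming this block sits under `services`.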