Skip to content

Commit

Permalink
Move bookmarks sync scripts into module
Browse files Browse the repository at this point in the history
  • Loading branch information
barrucadu committed Dec 10, 2024
1 parent d321872 commit 4e22ebe
Show file tree
Hide file tree
Showing 6 changed files with 126 additions and 50 deletions.
22 changes: 3 additions & 19 deletions hosts/carcosa/configuration.nix
Original file line number Diff line number Diff line change
Expand Up @@ -424,25 +424,9 @@ in
nixfiles.bookdb.remoteSync.receive.authorizedKeys =
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];

users.extraUsers.nyarlathotep-remote-sync = {
home = "/var/lib/nyarlathotep-remote-sync";
createHome = true;
isSystemUser = true;
openssh.authorizedKeys.keys =
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];
shell = pkgs.bashInteractive;
group = "nogroup";
packages =
let
bookmarks-receive-elasticsearch = ''
env ES_HOST=${config.systemd.services.bookmarks.environment.ES_HOST} \
${pkgs.nixfiles.bookmarks}/bin/bookmarks_ctl import-index --drop-existing
'';
in
[
(pkgs.writeShellScriptBin "bookmarks-receive-elasticsearch" bookmarks-receive-elasticsearch)
];
};
nixfiles.bookmarks.remoteSync.receive.enable = true;
nixfiles.bookmarks.remoteSync.receive.authorizedKeys =
[ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChVw9DPLafA3lCLCI4Df9rYuxedFQTXAwDOOHUfZ0Ac remote-sync@nyarlathotep" ];

###############################################################################
## Miscellaneous
Expand Down
34 changes: 3 additions & 31 deletions hosts/nyarlathotep/configuration.nix
Original file line number Diff line number Diff line change
Expand Up @@ -495,37 +495,9 @@ in
nixfiles.bookdb.remoteSync.send.sshKeyFile = config.sops.secrets."users/remote_sync/ssh_private_key".path;
nixfiles.bookdb.remoteSync.send.targets = [ "carcosa.barrucadu.co.uk" ];

users.extraUsers.remote-sync = {
home = "/var/lib/remote-sync";
createHome = true;
isSystemUser = true;
shell = pkgs.bashInteractive;
group = "nogroup";
};

systemd.services.bookmarks-sync = {
description = "Upload bookmarks data to carcosa";
startAt = "*:15";
path = with pkgs; [ openssh ];
serviceConfig = {
ExecStart = pkgs.writeShellScript "bookmarks-sync" ''
set -ex
env "ES_HOST=$ES_HOST" \
${pkgs.nixfiles.bookmarks}/bin/bookmarks_ctl export-index | \
ssh -i "$SSH_KEY_FILE" \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
[email protected] \
bookmarks-receive-elasticsearch
'';
User = config.users.extraUsers.remote-sync.name;
};
environment = {
ES_HOST = config.systemd.services.bookmarks.environment.ES_HOST;
SSH_KEY_FILE = config.sops.secrets."users/remote_sync/ssh_private_key".path;
};
};
nixfiles.bookmarks.remoteSync.send.enable = true;
nixfiles.bookmarks.remoteSync.send.sshKeyFile = config.sops.secrets."users/remote_sync/ssh_private_key".path;
nixfiles.bookmarks.remoteSync.send.targets = [ "carcosa.barrucadu.co.uk" ];

sops.secrets."users/remote_sync/ssh_private_key".owner = config.users.extraUsers.remote-sync.name;

Expand Down
2 changes: 2 additions & 0 deletions shared/bookmarks/default.nix
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,8 @@ in
{
imports = [
./options.nix
./remote-sync-receive.nix
./remote-sync-send.nix
];

config = mkIf cfg.enable {
Expand Down
42 changes: 42 additions & 0 deletions shared/bookmarks/options.nix
Original file line number Diff line number Diff line change
Expand Up @@ -60,5 +60,47 @@ with lib;
Format of the log messages.
'';
};

remoteSync = {
receive = {
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Enable receiving push-based remote sync from other hosts.
'';
};
authorizedKeys = mkOption {
type = types.listOf types.str;
default = [ ];
description = mdDoc ''
SSH public keys to allow pushes from.
'';
};
};

send = {
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Enable periodically pushing local state to other hosts.
'';
};
sshKeyFile = mkOption {
type = types.str;
description = mdDoc ''
Path to SSH private key.
'';
};
targets = mkOption {
type = types.listOf types.str;
default = [ ];
description = mdDoc ''
Hosts to push to.
'';
};
};
};
};
}
29 changes: 29 additions & 0 deletions shared/bookmarks/remote-sync-receive.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
# see remote-sync-send.nix
{ config, lib, pkgs, ... }:

with lib;
let
cfg = config.nixfiles.bookmarks.remoteSync.receive;
in
{
config = mkIf cfg.enable {
users.extraUsers.bookmarks-remote-sync-receive = {
home = "/var/lib/bookmarks-remote-sync-receive";
createHome = true;
isSystemUser = true;
openssh.authorizedKeys.keys = cfg.authorizedKeys;
shell = pkgs.bashInteractive;
group = "nogroup";
packages =
let
receive-elasticsearch = ''
env ES_HOST=${config.systemd.services.bookmarks.environment.ES_HOST} \
${pkgs.nixfiles.bookmarks}/bin/bookmarks_ctl import-index --drop-existing
'';
in
[
(pkgs.writeShellScriptBin "receive-elasticsearch" bookmarks-receive-elasticsearch)
];
};
};
}
47 changes: 47 additions & 0 deletions shared/bookmarks/remote-sync-send.nix
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# see remote-sync-receive.nix
{ config, lib, pkgs, ... }:

with lib;
let
cfg = config.nixfiles.bookmarks.remoteSync.send;

toService = target: {
name = "bookmarks-sync-${target}";
value = {
description = "Upload bookmarks data to ${target}";
startAt = "*:15";
path = with pkgs; [ openssh ];
serviceConfig = {
ExecStart = pkgs.writeShellScript "bookmarks-sync" ''
set -ex
env "ES_HOST=$ES_HOST" \
${pkgs.nixfiles.bookmarks}/bin/bookmarks_ctl export-index | \
ssh -i "$SSH_KEY_FILE" \
-o UserKnownHostsFile=/dev/null \
-o StrictHostKeyChecking=no \
bookmarks-remote-sync-receive@${target} \
receive-elasticsearch
'';
User = config.users.extraUsers.bookmarks-remote-sync-send.name;
};
environment = {
ES_HOST = config.systemd.services.bookmarks.environment.ES_HOST;
SSH_KEY_FILE = cfg.sshKeyFile;
};
};
};
in
{
config = mkIf cfg.enable {
users.extraUsers.bookmarks-remote-sync-send = {
home = "/var/lib/bookmarks-remote-sync-send";
createHome = true;
isSystemUser = true;
shell = pkgs.bashInteractive;
group = "nogroup";
};

systemd.services = listToAttrs (map toService cfg.targets);
};
}

0 comments on commit 4e22ebe

Please sign in to comment.