vleeuwenmenno/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: adds borg, timers and systemd service support

Browse Source
This commit is contained in:
Menno van Leeuwen
2025-07-27 02:13:33 +02:00
parent 47221e5803
commit 4018399fd4
12 changed files with 535 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
bin/actions/service.py
View File

@@ -255,8 +255,44 @@ def check_service_running(service_name):
return len(containers)
def get_systemd_timer_status(timer_name):
"""Check if a systemd timer is active and enabled, and get next run time"""
# Check if timer is active (running/waiting)
active_result = subprocess.run(
["sudo", "systemctl", "is-active", timer_name],
capture_output=True,
text=True
)
# Check if timer is enabled (will start on boot)
enabled_result = subprocess.run(
["sudo", "systemctl", "is-enabled", timer_name],
capture_output=True,
text=True
)
# Get next run time
list_result = subprocess.run(
["sudo", "systemctl", "list-timers", timer_name, "--no-legend"],
capture_output=True,
text=True
)
is_active = active_result.returncode == 0
is_enabled = enabled_result.returncode == 0
next_run = "unknown"
if list_result.returncode == 0 and list_result.stdout.strip():
parts = list_result.stdout.strip().split()
if len(parts) >= 4:
next_run = f"{parts[0]} {parts[1]} {parts[2]}"
return is_active, is_enabled, next_run
def cmd_list(args):
"""List available Docker services"""
"""List available Docker services and systemd services"""
# Docker services section
if not os.path.exists(SERVICES_DIR):
printfe("red", f"Error: Services directory not found at {SERVICES_DIR}")
return 1
@@ -270,8 +306,7 @@ def cmd_list(args):
if not services:
printfe("yellow", "No Docker services found")
return 0
else:
println("Available Docker services:", "blue")
for service in sorted(services):
container_count = check_service_running(service)
@@ -286,6 +321,28 @@ def cmd_list(args):
printfe(color, f" - {service:<20} {status}")
# Systemd services section
print()
println("System services:", "blue")
systemd_timers = ["borg-backup.timer", "dynamic-dns.timer"]
for timer in systemd_timers:
is_active, is_enabled, next_run = get_systemd_timer_status(timer)
service_name = timer.replace('.timer', '')
if is_active and is_enabled:
status = f"[TIMER ACTIVE - next: {next_run}]"
color = "green"
elif is_enabled:
status = "[TIMER ENABLED - INACTIVE]"
color = "yellow"
else:
status = "[TIMER DISABLED]"
color = "red"
printfe(color, f" - {service_name:<20} {status}")
return 0

81
bin/actions/source.py Executable file
View File

@@ -0,0 +1,81 @@
#!/usr/bin/env python3
import os
import sys
import subprocess
# Add the helpers directory to the path
sys.path.append(os.path.join(os.path.dirname(__file__), '..', 'helpers'))
from functions import printfe
def get_borg_passphrase():
"""Get Borg passphrase from 1Password"""
try:
result = subprocess.run(
["op", "item", "get", "Borg Backup", "--vault=Dotfiles", "--fields=password", "--reveal"],
capture_output=True,
text=True,
check=True
)
return result.stdout.strip()
except subprocess.CalledProcessError:
printfe("red", "Error: Failed to retrieve Borg passphrase from 1Password")
return None
def main():
"""Generate export commands for Borg environment variables"""
args = sys.argv[1:] if len(sys.argv) > 1 else []
# Get passphrase from 1Password
passphrase = get_borg_passphrase()
if not passphrase:
return 1
# Generate the export commands
exports = [
f'export BORG_REPO="/mnt/object_storage/borg-repo"',
f'export BORG_PASSPHRASE="{passphrase}"',
f'export BORG_CACHE_DIR="/home/menno/.config/borg/cache"',
f'export BORG_CONFIG_DIR="/home/menno/.config/borg/config"',
f'export BORG_SECURITY_DIR="/home/menno/.config/borg/security"',
f'export BORG_KEYS_DIR="/home/menno/.config/borg/keys"'
]
# Check if we're being eval'd (no arguments and stdout is a pipe)
if not args and not os.isatty(sys.stdout.fileno()):
# Just output the export commands for eval
for export_cmd in exports:
print(export_cmd)
return 0
# Print instructions and examples
printfe("cyan", "🔧 Borg Environment Setup")
print()
printfe("yellow", "Run the following command to setup your shell:")
print()
printfe("green", "eval $(dotf source)")
print()
printfe("red", "⚠️ Repository Permission Issue:")
printfe("white", "The Borg repository was created by root, so you need sudo:")
print()
printfe("green", "sudo -E borg list")
printfe("green", "sudo -E borg info")
print()
printfe("yellow", "Or copy and paste these exports:")
print()
# Output the export commands
for export_cmd in exports:
print(export_cmd)
print()
printfe("cyan", "📋 Borg commands (use with sudo -E):")
printfe("white", " sudo -E borg list # List all backups")
printfe("white", " sudo -E borg info # Repository info")
printfe("white", " sudo -E borg list ::archive-name # List files in backup")
printfe("white", " sudo -E borg mount . ~/borg-mount # Mount as filesystem")
return 0
if __name__ == "__main__":
sys.exit(main())

99
bin/actions/timers.py Executable file
View File

@@ -0,0 +1,99 @@
#!/usr/bin/env python3
import os
import subprocess
import sys
# Add the helpers directory to the path
sys.path.append(os.path.join(os.path.dirname(__file__), '..', 'helpers'))
from functions import printfe
def run_command(cmd, capture_output=True):
"""Run a command and return the result"""
try:
result = subprocess.run(cmd, shell=True, capture_output=capture_output, text=True)
return result
except Exception as e:
printfe("red", f"Error running command: {e}")
return None
def show_timer_status(timer_name, system_level=True):
"""Show concise status for a specific timer"""
cmd_prefix = "sudo systemctl" if system_level else "systemctl --user"
# Get timer status
status_cmd = f"{cmd_prefix} is-active {timer_name}"
status_result = run_command(status_cmd)
status = "active" if status_result and status_result.returncode == 0 else "inactive"
# Get next run time
list_cmd = f"{cmd_prefix} list-timers {timer_name} --no-legend"
list_result = run_command(list_cmd)
next_run = "unknown"
if list_result and list_result.returncode == 0 and list_result.stdout.strip():
parts = list_result.stdout.strip().split()
if len(parts) >= 4:
next_run = f"{parts[0]} {parts[1]} {parts[2]} ({parts[3]})"
# Get service name
service_name = timer_name.replace('.timer', '.service')
# Format output
status_color = "green" if status == "active" else "red"
service_short = service_name.replace('.service', '')
printfe(status_color, f"{service_short:<12} {status:<8} next: {next_run}")
def show_examples():
"""Show example commands for checking services and logs"""
printfe("cyan", "=== Useful Commands ===")
print()
printfe("yellow", "Check service status:")
print(" sudo systemctl status borg-backup.service")
print(" sudo systemctl status dynamic-dns.service")
print()
printfe("yellow", "View logs:")
print(" sudo journalctl -u borg-backup.service -f")
print(" sudo journalctl -u dynamic-dns.service -f")
print(" tail -f /var/log/borg-backup.log")
print()
printfe("yellow", "Manual trigger:")
print(" sudo systemctl start borg-backup.service")
print(" sudo systemctl start dynamic-dns.service")
print()
printfe("yellow", "List all timers:")
print(" sudo systemctl list-timers")
print()
def main():
"""Main timers action"""
args = sys.argv[1:] if len(sys.argv) > 1 else []
printfe("cyan", "🕐 System Timers")
print()
# Show timer statuses
timers = [
("borg-backup.timer", True),
("dynamic-dns.timer", True)
]
for timer_name, system_level in timers:
if os.path.exists(f"/etc/systemd/system/{timer_name}"):
show_timer_status(timer_name, system_level)
else:
printfe("yellow", f" {timer_name.replace('.timer', ''):<12} not found")
print()
# Show helpful examples
show_examples()
return 0
if __name__ == "__main__":
sys.exit(main())

12
bin/dotf
View File

@@ -59,6 +59,14 @@ def lint(args):
"""Run the lint action"""
return run_script(f"{DOTFILES_BIN}/actions/lint.py", args)
def timers(args):
"""Run the timers action"""
return run_script(f"{DOTFILES_BIN}/actions/timers.py", args)
def source(args):
"""Run the source action"""
return run_script(f"{DOTFILES_BIN}/actions/source.py", args)
def ensure_git_hooks():
"""Ensure git hooks are correctly set up"""
hooks_dir = os.path.join(DOTFILES_ROOT, ".git/hooks")
@@ -114,7 +122,9 @@ def main():
"secrets": secrets,
"auto-start": auto_start,
"service": service,
"lint": lint
"lint": lint,
"timers": timers,
"source": source
}
if command in commands:

93
config/ansible/tasks/servers/borg-backup.yml Normal file
View File

@@ -0,0 +1,93 @@
---
- name: Borg Backup Installation and Configuration
block:
- name: Check if Borg is already installed
ansible.builtin.command: which borg
register: borg_check
ignore_errors: true
changed_when: false
- name: Ensure Borg is installed
ansible.builtin.package:
name: borg
state: present
become: true
when: borg_check.rc != 0
- name: Set Borg backup facts
ansible.builtin.set_fact:
borg_passphrase: "{{ lookup('community.general.onepassword', 'Borg Backup', vault='Dotfiles', field='password') }}"
borg_config_dir: "{{ ansible_env.HOME }}/.config/borg"
borg_backup_dir: "/mnt/services"
borg_repo_dir: "/mnt/object_storage/borg-repo"
- name: Create Borg directories
ansible.builtin.file:
path: "{{ borg_dir }}"
state: directory
mode: "0755"
loop:
- "{{ borg_config_dir }}"
- "/mnt/object_storage"
loop_control:
loop_var: borg_dir
become: true
- name: Check if Borg repository exists
ansible.builtin.stat:
path: "{{ borg_repo_dir }}/config"
register: borg_repo_check
become: true
- name: Initialize Borg repository
ansible.builtin.command: >
borg init --encryption=repokey {{ borg_repo_dir }}
environment:
BORG_PASSPHRASE: "{{ borg_passphrase }}"
become: true
when: not borg_repo_check.stat.exists
- name: Create Borg backup script
ansible.builtin.template:
src: templates/borg-backup.sh.j2
dest: "{{ borg_config_dir }}/backup.sh"
mode: "0755"
become: true
- name: Create Borg systemd service
ansible.builtin.template:
src: templates/borg-backup.service.j2
dest: /etc/systemd/system/borg-backup.service
mode: "0644"
become: true
register: borg_service
- name: Create Borg systemd timer
ansible.builtin.template:
src: templates/borg-backup.timer.j2
dest: /etc/systemd/system/borg-backup.timer
mode: "0644"
become: true
register: borg_timer
- name: Reload systemd daemon
ansible.builtin.systemd:
daemon_reload: true
become: true
when: borg_service.changed or borg_timer.changed
- name: Enable and start Borg backup timer
ansible.builtin.systemd:
name: borg-backup.timer
enabled: true
state: started
become: true
- name: Display Borg backup status
ansible.builtin.debug:
msg: "Borg backup is configured and will run daily at 2 AM. Logs available at /var/log/borg-backup.log"
tags:
- borg-backup
- borg
- backup

65
config/ansible/tasks/servers/dynamic-dns.yml
View File

@@ -1,47 +1,29 @@
---
- name: Dynamic DNS setup
block:
- name: Create environment file for dynamic DNS
- name: Create systemd environment file for dynamic DNS
ansible.builtin.template:
src: "{{ playbook_dir }}/templates/dynamic-dns.env.j2"
dest: "{{ ansible_user_dir }}/.local/bin/dynamic-dns.env"
src: "{{ playbook_dir }}/templates/dynamic-dns-systemd.env.j2"
dest: "/etc/dynamic-dns-systemd.env"
mode: "0600"
owner: root
group: root
become: true
- name: Create dynamic DNS wrapper script
ansible.builtin.copy:
dest: "{{ ansible_user_dir }}/.local/bin/dynamic-dns-update.sh"
dest: "/usr/local/bin/dynamic-dns-update.sh"
mode: "0755"
content: |
#!/bin/bash
# Load environment variables
source {{ ansible_user_dir }}/.local/bin/dynamic-dns.env
# Change to the directory containing the binary
cd {{ ansible_user_dir }}/.local/bin
# Run dynamic DNS update (binary compiled by utils.yml)
dynamic-dns-cf -record "vleeuwen.me,mvl.sh,mennovanleeuwen.nl" 2>&1 | logger -t dynamic-dns
- name: Setup cron job for dynamic DNS updates (fallback)
ansible.builtin.cron:
name: "Dynamic DNS Update"
minute: "*/15"
job: "{{ ansible_user_dir }}/.local/bin/dynamic-dns-update.sh"
user: "{{ ansible_user }}"
state: present
ignore_errors: true
tags: [cron]
- name: Create systemd user directory
ansible.builtin.file:
path: "{{ ansible_user_dir }}/.config/systemd/user"
state: directory
mode: "0755"
{{ ansible_user_dir }}/.local/bin/dynamic-dns-cf -record "vleeuwen.me,mvl.sh,mennovanleeuwen.nl" 2>&1 | logger -t dynamic-dns
become: true
- name: Create dynamic DNS systemd timer
ansible.builtin.copy:
dest: "{{ ansible_user_dir }}/.config/systemd/user/dynamic-dns.timer"
dest: "/etc/systemd/system/dynamic-dns.timer"
mode: "0644"
content: |
[Unit]
@@ -54,10 +36,12 @@
[Install]
WantedBy=timers.target
become: true
register: ddns_timer
- name: Create dynamic DNS systemd service
ansible.builtin.copy:
dest: "{{ ansible_user_dir }}/.config/systemd/user/dynamic-dns.service"
dest: "/etc/systemd/system/dynamic-dns.service"
mode: "0644"
content: |
[Unit]
@@ -67,31 +51,36 @@
[Service]
Type=oneshot
ExecStart={{ ansible_user_dir }}/.local/bin/dynamic-dns-update.sh
EnvironmentFile={{ ansible_user_dir }}/.local/bin/dynamic-dns.env
ExecStart=/usr/local/bin/dynamic-dns-update.sh
EnvironmentFile=/etc/dynamic-dns-systemd.env
User={{ ansible_user }}
Group={{ ansible_user }}
[Install]
WantedBy=default.target
WantedBy=multi-user.target
become: true
register: ddns_service
- name: Reload systemd user daemon
- name: Reload systemd daemon
ansible.builtin.systemd:
daemon_reload: true
scope: user
become: true
when: ddns_timer.changed or ddns_service.changed
- name: Enable and start dynamic DNS timer
ansible.builtin.systemd:
name: dynamic-dns.timer
enabled: true
state: started
scope: user
become: true
- name: Display setup completion message
ansible.builtin.debug:
msg: |
Dynamic DNS setup complete!
- Systemd timer: systemctl --user status dynamic-dns.timer
- Check logs: journalctl --user -u dynamic-dns.service -f
- Manual run: ~/.local/bin/dynamic-dns-update.sh
- Systemd timer: sudo systemctl status dynamic-dns.timer
- Check logs: sudo journalctl -u dynamic-dns.service -f
- Manual run: sudo /usr/local/bin/dynamic-dns-update.sh
- Domains: vleeuwen.me, mvl.sh, mennovanleeuwen.nl
when: inventory_hostname == 'mennos-cachyos-desktop'

5
config/ansible/tasks/servers/server.yml
View File

@@ -30,6 +30,11 @@
tags:
- dynamic-dns
- name: Include Borg Backup tasks
ansible.builtin.include_tasks: borg-backup.yml
tags:
- borg-backup
- name: System performance optimizations
ansible.posix.sysctl:
name: "{{ item.name }}"

31
config/ansible/templates/borg-backup.service.j2 Normal file
View File

@@ -0,0 +1,31 @@
[Unit]
Description=Borg Backup Service
After=network.target
[Service]
Type=oneshot
User=root
Group=root
ExecStart={{ borg_config_dir }}/backup.sh
StandardOutput=journal
StandardError=journal
Environment="BORG_PASSPHRASE={{ borg_passphrase }}"
Environment="BORG_REPO={{ borg_repo_dir }}"
Environment="BORG_CACHE_DIR={{ borg_config_dir }}/cache"
Environment="BORG_CONFIG_DIR={{ borg_config_dir }}/config"
Environment="BORG_SECURITY_DIR={{ borg_config_dir }}/security"
Environment="BORG_KEYS_DIR={{ borg_config_dir }}/keys"
# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ReadWritePaths=/mnt/services /mnt/object_storage /var/log {{ borg_config_dir }}
ProtectHome=read-only
ProtectControlGroups=true
RestrictRealtime=true
SystemCallFilter=@system-service
SystemCallErrorNumber=EPERM
[Install]
WantedBy=multi-user.target

96
config/ansible/templates/borg-backup.sh.j2 Normal file
View File

@@ -0,0 +1,96 @@
#!/bin/bash
# Borg backup script for /mnt/services
# This script creates incremental backups of the services directory
# Set environment variables
export BORG_REPO="{{ borg_repo_dir }}"
export BORG_PASSPHRASE="{{ borg_passphrase }}"
export BORG_CACHE_DIR="{{ borg_config_dir }}/cache"
export BORG_CONFIG_DIR="{{ borg_config_dir }}/config"
export BORG_SECURITY_DIR="{{ borg_config_dir }}/security"
export BORG_KEYS_DIR="{{ borg_config_dir }}/keys"
# Backup name with timestamp
BACKUP_NAME="services-$(date +%Y%m%d-%H%M%S)"
# Log function
log() {
echo "$(date '+%Y-%m-%d %H:%M:%S') - $1" | tee -a /var/log/borg-backup.log
}
# Ensure all Borg directories exist
mkdir -p "$BORG_CACHE_DIR"
mkdir -p "$BORG_CONFIG_DIR"
mkdir -p "$BORG_SECURITY_DIR"
mkdir -p "$BORG_KEYS_DIR"
# Start backup
log "Starting Borg backup: $BACKUP_NAME"
# Create backup
borg create \
--verbose \
--filter AME \
--list \
--stats \
--show-rc \
--compression lz4 \
--exclude-caches \
--exclude '*.tmp' \
--exclude '*.temp' \
--exclude '*.log' \
--exclude '*/.cache' \
--exclude '*/cache' \
--exclude '*/logs' \
--exclude '*/tmp' \
--exclude '*/node_modules' \
--exclude '*/__pycache__' \
"::$BACKUP_NAME" \
{{ borg_backup_dir }}
backup_exit=$?
log "Backup finished with exit code: $backup_exit"
# Prune old backups (keep last 7 daily, 4 weekly, 6 monthly)
log "Pruning old backups"
# Check if there are any archives to prune first
archive_count=$(borg list --short --prefix 'services-' 2>/dev/null | wc -l)
if [ "$archive_count" -gt 1 ]; then
borg prune \
--list \
--prefix 'services-' \
--show-rc \
--keep-daily 7 \
--keep-weekly 4 \
--keep-monthly 6
prune_exit=$?
else
log "Only one or no archives found, skipping prune"
prune_exit=0
fi
log "Prune finished with exit code: $prune_exit"
# Compact repository
log "Compacting repository"
borg compact
compact_exit=$?
log "Compact finished with exit code: $compact_exit"
# Global exit status
global_exit=$(( backup_exit > prune_exit ? backup_exit : prune_exit ))
global_exit=$(( compact_exit > global_exit ? compact_exit : global_exit ))
if [ $global_exit -eq 0 ]; then
log "Backup completed successfully"
else
log "Backup completed with warnings or errors (exit code: $global_exit)"
fi
exit $global_exit

12
config/ansible/templates/borg-backup.timer.j2 Normal file
View File

@@ -0,0 +1,12 @@
[Unit]
Description=Run Borg Backup Daily
Requires=borg-backup.service
[Timer]
# Run daily at 2 AM
OnCalendar=daily
Persistent=true
RandomizedDelaySec=1800
[Install]
WantedBy=timers.target

12
config/ansible/templates/dynamic-dns-systemd.env.j2 Normal file
View File

@@ -0,0 +1,12 @@
# Dynamic DNS Environment Configuration for SystemD
# This file contains sensitive credentials and should be kept secure
# Credentials are automatically retrieved from OnePassword
# CloudFlare API Token (required)
# Retrieved from OnePassword: CloudFlare API Token
CLOUDFLARE_API_TOKEN={{ lookup('community.general.onepassword', 'CloudFlare API Token', vault='Dotfiles', field='password') }}
# Telegram Bot Credentials (for notifications when IP changes)
# Retrieved from OnePassword: Telegram DynDNS Bot
TELEGRAM_BOT_TOKEN={{ lookup('community.general.onepassword', 'Telegram DynDNS Bot', vault='Dotfiles', field='password') }}
TELEGRAM_CHAT_ID={{ lookup('community.general.onepassword', 'Telegram DynDNS Bot', vault='Dotfiles', field='chat_id') }}

12
config/ansible/templates/dynamic-dns.env.j2
View File

@@ -1,12 +0,0 @@
# Dynamic DNS Environment Configuration
# This file contains sensitive credentials and should be kept secure
# Credentials are automatically retrieved from OnePassword
# CloudFlare API Token (required)
# Retrieved from OnePassword: CloudFlare API Token
export CLOUDFLARE_API_TOKEN="{{ lookup('community.general.onepassword', 'CloudFlare API Token', vault='Dotfiles', field='password') }}"
# Telegram Bot Credentials (for notifications when IP changes)
# Retrieved from OnePassword: Telegram DynDNS Bot
export TELEGRAM_BOT_TOKEN="{{ lookup('community.general.onepassword', 'Telegram DynDNS Bot', vault='Dotfiles', field='password') }}"
export TELEGRAM_CHAT_ID="{{ lookup('community.general.onepassword', 'Telegram DynDNS Bot', vault='Dotfiles', field='chat_id') }}"