diff --git a/nixos/configurations/Tytonidae/dae/default.nix b/nixos/configurations/Tytonidae/dae/default.nix index f4fa4d9..e8e43d7 100644 --- a/nixos/configurations/Tytonidae/dae/default.nix +++ b/nixos/configurations/Tytonidae/dae/default.nix @@ -1,7 +1,7 @@ { - pkgs, config, rootPath, + pkgs, ... }: { @@ -20,35 +20,68 @@ }; systemd.services = let - new_proxy = "/etc/dae/proxy.d.new"; - head = "user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36"; update = '' + head="user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36" + new_proxy=/etc/dae/proxy.d.new num=0 check=1 - urls="$(${pkgs.coreutils}/bin/cat ${config.sops.secrets.url.path})" - mkdir -p ${new_proxy} - for url in "''${urls}"; do - txt=${new_proxy}/''${num}.txt - config="${new_proxy}/''${num}.dae" - ${pkgs.curl}/bin/curl -H "${head}" "''${url}" > "''${txt}" - ${pkgs.coreutils}/bin/echo "" > ''${config} - ${pkgs.coreutils}/bin/echo 'subscription {' >> ''${config} - ${pkgs.coreutils}/bin/echo \ \ wget:\ \"file\://proxy.d/''${num}.txt\" >> ''${config} - ${pkgs.coreutils}/bin/echo } >> ''${config} + urls="$(cat ${config.sops.secrets.url.path})" + mkdir -p ''${new_proxy} + for url in ''${urls}; do + txt=''${new_proxy}/''${num}.txt + config="''${new_proxy}/''${num}.dae" + echo \'curl -LH \""''${head}"\" \""''${url}"\" -o \""''${txt}"\"\' + curl -LH "''${head}" "''${url}" -o "''${txt}" + echo End curl + echo "" > ''${config} + { + echo 'subscription {' + echo \ \ wget:\ \"file://proxy.d/''${num}.txt\" + echo "}" + } >> ''${config} if [[ ! -s ''${txt} ]]; then check=0 fi - ${pkgs.coreutils}/bin/chmod 0640 ''${txt} - ${pkgs.coreutils}/bin/chmod 0640 ''${config} - link=$((link+1)) + chmod 0640 ''${txt} + chmod 0640 ''${config} + num=$((num+1)) if [[ ''${check} -eq 0 ]]; then - exit -1 + echo "''${txt}" is empty + exit 103 fi done - ${pkgs.coreutils}/bin/rm -r /etc/dae/proxy.d - ${pkgs.coreutils}/bin/mv ${new_proxy} /etc/dae/proxy.d + if [[ -d /etc/dae/proxy.d ]]; then + mv /etc/dae/proxy.d /etc/dae/proxy.d.old + fi + mv ''${new_proxy} /etc/dae/proxy.d ''; + updateScript = pkgs.writeShellApplication { + name = "update.sh"; + runtimeInputs = with pkgs; [ + coreutils + curl + ]; + text = '' + mkdir -p /etc/proxy.d + if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then + echo "No subscription file found in /etc/dae/proxy.d. Update now..." + ${update} + else + echo "Found existing subscription files. Skipping immediate update." + fi + ''; + }; + updateForceScript = pkgs.writeShellApplication { + name = "update-force.sh"; + runtimeInputs = with pkgs; [ + coreutils + curl + ]; + text = '' + ${update} + ''; + }; in { "update-dae-subscription-immediate" = { @@ -58,62 +91,26 @@ serviceConfig = { Type = "oneshot"; User = "root"; - ExecStart = - let - script = pkgs.writeTextFile { - name = "update-dae-subscription-immediate"; - executable = true; - destination = "/bin/script"; - text = '' - ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d - if [ -z "$(ls -A /etc/dae/proxy.d 2>/dev/null)" ]; then - ${pkgs.coreutils}/bin/echo "No subscription file found in /etc/dae/proxy.d. Update now..." - ${update} - else - ${pkgs.coreutils}/bin/echo "Found existing subscription files. Skipping immediate update." - fi - ''; - }; - in - [ - "${pkgs.bash}/bin/bash ${script}/bin/script" - ]; + ExecStart = [ + "${updateScript}/bin/update.sh" + ]; }; wantedBy = [ "multi-user.target" ]; }; - - # "update-dae-subscription-weekly" = { - # after = [ "network-online.target" ]; - # wants = [ "network-online.target" ]; - # wantedBy = [ "multi-user.target" ]; - # serviceConfig = { - # Type = "oneshot"; - # ExecStart = - # let - # script = pkgs.writeTextFile { - # name = "update-dae-subscription-weekly"; - # executable = true; - # destination = "/bin/script"; - # text = '' - # ${pkgs.coreutils}/bin/echo "Force subscription update..." - # ${pkgs.coreutils}/bin/mkdir -p /etc/proxy.d - # ${update} - # ''; - # }; - # in - # [ - # "${pkgs.bash}/bin/bash ${script}/bin/script" - # ]; - # }; - # }; + "update-dae-subscription-force" = { + serviceConfig = { + Type = "oneshot"; + User = "root"; + ExecStartPre = [ + "-${pkgs.systemd}/bin/systemctl stop dae.service" + ]; + ExecStartPost = [ + "-${pkgs.systemd}/bin/systemctl start dae.service" + ]; + ExecStart = [ + "${updateForceScript}/bin/update-force.sh" + ]; + }; + }; }; - - # systemd.timers."dae-update" = { - # wantedBy = [ "timers.target" ]; - # timerConfig = { - # OnCalendar = "weekly"; - # Unit = "dae-update.service"; - # Persistent = true; - # }; - # }; } diff --git a/secrets/general.yaml b/secrets/general.yaml index b8eac3b..db94610 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml @@ -1,6 +1,6 @@ ssh-private-key: ENC[AES256_GCM,data:hT2/OaZBAXK8eQe0qAxHw8nO6Z9ErzUdGWUgN/0c04NKUz6dyynKXsSEE7sC/P/WfUCOTXVgf7u/SY2/hMBG2tpceEwx2FDVJnUDF6Wi/2U8C1z3TjBitjYY1apku3lMTNYF7GwflUA+lB3xcKJ9dKnJlU/5moPqCf58G5w9DFXM1YJcUfVQ1Cl5MKguJkxpSw4MMm7QxGhruX5C/a84TYIZC/IHll3f1e6qvM+5TEibXIa9LBMcT7pxw4SQ/vhPmAJO54/GHbktTHxkjPbo2keGr3J1Im+TlX9OB81cbNZMxIn++Igw9iffF0LZmudmndLhWFPUK0itpkP8pjMY3rIrI6KsPG/7w4zQMO0p6rNfeGjkLvKp3mj5mYRlBdMaqtiqngAxzelsKaVhXlO+JXR+qdpONico8mRP+f3KSJU6gmGCIw0RNFcBlV/NN2VNUTxBS7/cwYGKF1kkb4Or9h5l5N7Ta1U5m2PEYclrneuclx6fdKXfChLG65E0l86EgpMyC6hHSL1x51e8QJSnHBkbjAMI59Kj9sy4QE8J4/a3q1D/sr/bn2t2Y7W0CckK7iPqyeiA0RSXiIVZ,iv:QVQCQJyc2ZgSzBpJ2MIrjgxBKghpr48k9yGzBUIoffg=,tag:3zo3vzwqWhQkAWB4N4R0NQ==,type:str] git-credential: ENC[AES256_GCM,data:Rt6ccMJ+D/Jv1U7Ex51j4zIKp5KIyPFJdWZwJyW6liU5CHxBfrFWeNOJobhT5tFPrhzHRUI=,iv:f2SYFKpAcHoKG3dMsniKRi02EFDzwgzzli5Qzw8CWqo=,tag:hUi0FAZ7+2+mcqUsz5HtbQ==,type:str] -url: ENC[AES256_GCM,data:n152X334cpUJXgm/0D+mbF2xDOSq/xT4xO3rBLjxEkcAexkn7lIm2mHKLaumBO0M7YC6gP/AVZlhOrpC7EtwwyzvxFgZIYBT0u3pKRpp2ifedMXd/7iKq45vu3xltX8blFF5TcMslO4UsXJEc+NxnCMS/PvO,iv:RWFUzHi2t06CqY1fHPTFUJevyW0bXc1xuhsjfZd3UAw=,tag:BWGxxAtfoJ8tbbbKbkzQRw==,type:str] +url: ENC[AES256_GCM,data:ouWl1losoEBxgUYkZLGhcA7bmqJG0ivx8wNoYx64+lvOVNzg0Q0wp8GFK1ikRQAq2gljiYoLlbGAehePpadAIgePQKP03LC65EzME/gynjZpq2FC9shm75SnymH7imhYcvEVidpoDR/FDBmsTLqAvbV2nmF+,iv:KKr2S1faSHAuiLvGiKdgiJXXrBoXY7qDGfvPuHEi1C8=,tag:srSWuFwGVkLE2GB9yhzTXw==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +16,8 @@ sops: dTkwcThVQTNYZ0RKWnIwMEgzQ2lYMVEKWs0OsGlPCRfsjZwntyVa6RGhZLye35kX 3PDxZ66jP63OGi5Hai17fp5IvT3/mIRWh6UMq44TFz9OQoUWCymakg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-01-12T08:58:47Z" - mac: ENC[AES256_GCM,data:XXdGGA/S6tg3xlsLwEtRjLHIVRRQHR2MBIeZv+9VtGYG1cBJD64RGZBCAJ5Jaw7WctcqZqj0Q1C9rIgNyv8ZYJTum3ok469WNFfcoDkPCr12nAO7vujvZp5xA5KfOdiP3wrHmorD4hl8qfv2oURm2RDcfzMIL2LWgNiwWndXs+I=,iv:RVHpsunJlOzN3QxxPfQdkUiC+Tf71j4L7SGEeTfDzYM=,tag:BgMqfCz1RG5Kl5PCIf/HdQ==,type:str] + lastmodified: "2025-01-13T08:37:59Z" + mac: ENC[AES256_GCM,data:7Y1fHRBvU1HqNeX8R0s/zduiH96z2xLR4Mf4X4v1UYG/uhMk2MJ42Q8dHyK6HCeR0m81WiPal5zZRSWQzwxCSC9GDZiUTJhacsTazqXbqZHGyKm3IW5lFP21dqNqZQ//cIM+VVg/KpqFRHOOqA0gSIjMJxgef7nC7jm8vWTbr9k=,iv:dJ31SWiGYdnoRaJwrex6UlarTofdr02zosMF63GDJQI=,tag:mdIqQqiUyPXbK5JCKZsXuw==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.2