diff --git a/nixos/hosts/framework-server/cron.nix b/nixos/hosts/framework-server/cron.nix index a6e96125..a10ab255 100644 --- a/nixos/hosts/framework-server/cron.nix +++ b/nixos/hosts/framework-server/cron.nix @@ -2,9 +2,67 @@ services.cron = { enable = true; systemCronJobs = [ - "0 0 * * * ${pkgs.rsync}/bin/rsync --delete -avr /Storage/Data/Docker/root@nuc-docker01:/Storage/Data/Docker/" - "0 3 * * * ${pkgs.rsync}/bin/rsync -avr /Storage/Data/Docker/nextcloud/html/data/albert/files/InstantUpload/ root@nuc-docker01:/Storage/Video/Pictures/InstantUpload/" - "0 5 * * * ${pkgs.rsync}/bin/rsync -avr /Storage/Data/Docker/nextcloud/html/data/albert/files/Wallpapers/ root@nuc-docker01:/Storage/Video/Pictures/Wallpapers" + # Backups to nuc-docker01 + ''0 0 * * * ${pkgs.rsync}/bin/rsync --delete -avr /Storage/Data/Docker/root@nuc-docker01:/Storage/Data/Docker/'' + ''0 3 * * * ${pkgs.rsync}/bin/rsync -avr /Storage/Data/Docker/nextcloud/html/data/albert/files/InstantUpload/ root@nuc-docker01:/Storage/Video/Pictures/InstantUpload/'' + ''0 5 * * * ${pkgs.rsync}/bin/rsync -avr /Storage/Data/Docker/nextcloud/html/data/albert/files/Wallpapers/ root@nuc-docker01:/Storage/Video/Pictures/Wallpapers'' + # DERP relay certs + ''@hourly cp /Storage/Data/Docker/letsencrypt/certs/certs/\*.sysctl.io.crt /Storage/Data/Docker/letsencrypt/certs/certs/derp.sysctl.io.crt'' + ''@hourly cp /Storage/Data/Docker/letsencrypt/certs/private/\*.sysctl.io.key /Storage/Data/Docker/letsencrypt/certs/private/derp.sysctl.io.key'' + # Back up the docker containers weekly: + ''@weekly source ~/.bashrc; ssh nuc-docker01 "rm -rf /Storage/Backups/Docker/sysctl.io/*"; for i in $(docker ps --format '{{.Names}}'); do docker export $i | gzip -cf | ssh root@nuc-docker01 "cat > /Storage/Backups/Docker/sysctl.io/$i.tar.gz"; done'' + # Set a random Pi-Hole password + ''* * * * * /usr/bin/docker exec pihole sudo pihole -a -p $(openssl rand -hex 128)'' + # Run the ClamAV scan + ''@monthlysource ~/.bashrc; /Storage/Data/docker-compose/sysctl.io/scripts/clamscan-cron.sh'' ]; }; + +# Old crontab: +# # At reboot, apply the ip_tables modprobe so Wireguard works +# @reboot /usr/sbin/modprobe ip_tables +# +# # At reboot, restart Docker. Otherwise, iptables / the firewall freaks out +# @reboot /usr/bin/systemctl stop docker; /usr/bin/systemctl start docker +# +# # Every day, get storage space for monitoring +# @daily source ~/.bashrc; for i in `ls /Storage/Data/Docker`; do echo echo "$(date): $(du -s /Storage/Data/Docker/$i)" | sed -e 's/\/Storage\/Data\/Docker\/\$i//' >> /root/sizes/$i.log; done +# +# # Clean up NextCloud files weekly to save space +# @weekly source ~/.bashrc; /usr/bin/docker exec -uwww-data nextcloud php occ versions:cleanup +# # Run the Nextcloud cronjobs hourly +# @hourly source ~/.bashrc; /usr/bin/docker exec -uwww-data nextcloud php -f /var/www/html/cron.php +# +# +# # Clear out Mastodon caches daily +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl preview_cards remove --days 1 +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl media remove --days 1 --prune-profiles +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl accounts prune +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl statuses remove --days 1 +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl media remove --remove-headers --include-follows --days 0 +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl preview_cards remove --days 1 +# @daily source ~/.bashrc; /usr/bin/docker exec mastodon-web tootctl media remove-orphans +# +# # Run the Pixelfed scheduler +# * * * * * /usr/bin/docker exec pixelfed-app php artisan schedule:run +# +# # Run the ClamAV scan +# @monthly source ~/.bashrc; /Storage/Data/docker-compose/sysctl.io/scripts/clamscan-cron.sh +# +# # Set a random PiHole password every minute +# * * * * * /usr/bin/docker exec pihole sudo pihole -a -p $(openssl rand -hex 128) +# +# # back up crontab: +# # 0 0 * * * /usr/bin/crontab -l > /Storage/Data/Temporary/crontab +# +# # Back up and delete local copies of Loki logs monthly +# @monthly source ~/.bashrc; /Storage/Data/docker-compose/sysctl.io/scripts/backup-logs.sh >> /Storage/Data/Temporary/log_backups.log +# +# # Back up the docker containers weekly: +# @weekly source ~/.bashrc; ssh nuc-docker01 "rm -rf /Storage/Backups/Docker/sysctl.io/*"; for i in $(docker ps --format '{{.Names}}'); do docker export $i | gzip -cf | ssh root@nuc-docker01 "cat > /Storage/Backups/Docker/sysctl.io/$i.tar.gz"; done +# +# # Set up DERP relay certs for headscale-derp: +# @hourly cp /Storage/Data/Docker/letsencrypt/certs/certs/\*.sysctl.io.crt /Storage/Data/Docker/letsencrypt/certs/certs/derp.sysctl.io.crt +# @hourly cp /Storage/Data/Docker/letsencrypt/certs/private/\*.sysctl.io.key /Storage/Data/Docker/letsencrypt/certs/private/derp.sysctl.io.key + } \ No newline at end of file