From 162134d9511a89a39e054d2a428c6a41db178f7d Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Sun, 8 Sep 2024 00:29:36 +0200 Subject: [PATCH] defiant: Add domeneshop-dyndns --- hosts/defiant/configuration.nix | 1 + hosts/defiant/services/dyndns.nix | 26 ++++++++++++++++++++++++++ secrets/defiant/defiant.yaml | 6 ++++-- 3 files changed, 31 insertions(+), 2 deletions(-) create mode 100644 hosts/defiant/services/dyndns.nix diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix index 2abdb81..78f473d 100644 --- a/hosts/defiant/configuration.nix +++ b/hosts/defiant/configuration.nix @@ -16,6 +16,7 @@ ./services/wireguard.nix # Services + ./services/dyndns.nix ./services/flame.nix ./services/gitea.nix ./services/hedgedoc.nix diff --git a/hosts/defiant/services/dyndns.nix b/hosts/defiant/services/dyndns.nix new file mode 100644 index 0000000..8bf401b --- /dev/null +++ b/hosts/defiant/services/dyndns.nix @@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: + +let + dnsname = "site3.feal.no"; +in { + # Defines DDNS_TOKEN and DDNS_SECRET from https://domene.shop/admin?view=api + sops.secrets."domeneshop/env" = { }; + + systemd.services.domeneshop-dyndns = { + serviceConfig.EnvironmentFile = config.sops.secrets."domeneshop/env".path; + startAt = "*/10 * * * *"; + + script = '' + DNSNAME="${dnsname}" + NEW_IP="$(${lib.getExe pkgs.curl} --silent https://ipinfo.io/ip)" + OLD_IP="$(${lib.getExe pkgs.getent} hosts "$DNSNAME" | ${lib.getExe pkgs.gawk} '{ print $1 }')" + + if [[ "$NEW_IP" != "$OLD_IP" ]]; then + echo "Old IP ($OLD_IP) does not match new IP ($NEW_IP), updating..." + ${lib.getExe pkgs.curl} --silent "https://$DDNS_TOKEN:$DDNS_SECRET@api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP" + else + echo "Old IP ($OLD_IP) matches new IP ($NEW_IP), exiting..." + fi + ''; + }; +} diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml index e51f3b6..5fb4e6d 100644 --- a/secrets/defiant/defiant.yaml +++ b/secrets/defiant/defiant.yaml @@ -2,6 +2,8 @@ matrix: synapse: registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str] oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str] +domeneshop: + env: ENC[AES256_GCM,data:IBEWzGjXPTCxc2yBZxs2TnhrwTUjCey9qgprfmYlRMfoYjbSQDRzFoY3EXWfrRC8O/wt5/noar/XY5C6Krob6LynSHitaudXD/mPegR5u313tO9QwLOpScaA+lGyqUkUkddiI52cARJP,iv:dvMdW4o9ByUO5rl/1TXnwsnxd97UJqtv9UmERXdno2I=,tag:iNLGLF7aT2rLuDdwGfn2EA==,type:str] hedgedoc: env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str] vaultwarden: @@ -37,8 +39,8 @@ sops: RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-10T17:02:13Z" - mac: ENC[AES256_GCM,data:vHwX4i0SqiMI+laj079uNvO/6QKzqAoS4JmhUIW/1F7xjtd/Wv5Ia/00EexMMw59cvaDW/k7QB13xyHNixloFhH5aXi3bF8b8uIP6U3K0nlbIYp2tVRU3m/FtkhabzIuP5o/sfoO+gfcuHfTQxjwcap8Tx3VsecjJO0PaR9+EHU=,iv:6c0hRRRddD535GH9zGWnaBnq0jcSlyN0dPIEW+ldGew=,tag:185qSz+tgfXg/f65sf/y+Q==,type:str] + lastmodified: "2024-09-07T21:42:51Z" + mac: ENC[AES256_GCM,data:vxl36zjB978nOMO49YFYSyoKM9rX5NT0kJh5nruGU7a0RxcvQrN3sSHZCfes7uFAvEGiFO4YG3LCiMDuUCZYCTV3nMLnu7aAjqDhcSQqcCYieBx4V9wYSdFqebP9asvArOVUN3hL9xze++q+IvxYYISL1EPlWpAF+SdGVMykGDE=,iv:1wW/OHd+A0qupzXn11est/nPGcGJSg8YxyU0hKzTT1k=,tag:YHgeE0ycLRIqAPv4HNpSjg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1