felixalb/nixos-config
felixalb
/
nixos-config
mirror of https://git.feal.no/felixalb/nixos-config.git
2
2
Fork 0
Code Issues Activity

domeneshop-dyndns: don't put credentials in the command line options

This commit is contained in:
Felix Albrigtsen 2024-09-08 02:32:11 +02:00
parent 7cd7596d66
commit 50dbcfeceb
5 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
common/domeneshop-dyndns.nix
View File

@ -11,9 +11,9 @@ in {
description = "Domain name to configure"; description = "Domain name to configure";
}; };
environmentFile = lib.mkOption { netrcFile = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Path to the file that sets DDNS_TOKEN and DDNS_SERET from https://www.domeneshop.no/admin?view=api"; description = "Path to the file that contains `machine api.domeneshop.no login <DDNS_TOKEN> password <DDNS_SECRET>` from https://domene.shop/admin?view=api";
}; };
startAt = lib.mkOption { startAt = lib.mkOption {
@ -25,7 +25,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
systemd.services.domeneshop-dyndns = { systemd.services.domeneshop-dyndns = {
serviceConfig.EnvironmentFile = cfg.environmentFile; serviceConfig.LoadCredential = "netrc:${cfg.netrcFile}";
startAt = cfg.startAt; startAt = cfg.startAt;
script = '' script = ''
@ -35,7 +35,7 @@ in {
if [[ "$NEW_IP" != "$OLD_IP" ]]; then if [[ "$NEW_IP" != "$OLD_IP" ]]; then
echo "Old IP ($OLD_IP) does not match new IP ($NEW_IP), updating..." echo "Old IP ($OLD_IP) does not match new IP ($NEW_IP), updating..."
${lib.getExe pkgs.curl} --silent "https://$DDNS_TOKEN:$DDNS_SECRET@api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP" ${lib.getExe pkgs.curl} --silent --netrc-file "$CREDENTIALS_DIRECTORY/netrc" "https://api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP"
else else
echo "Old IP ($OLD_IP) matches new IP ($NEW_IP), exiting..." echo "Old IP ($OLD_IP) matches new IP ($NEW_IP), exiting..."
fi fi

4
hosts/burnham/services/dyndns.nix
View File

@ -1,11 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
sops.secrets."domeneshop/env" = { }; sops.secrets."domeneshop/netrc" = { };
services.domeneshop-dyndns = { services.domeneshop-dyndns = {
enable = true; enable = true;
domain = "site2.feal.no"; domain = "site2.feal.no";
environmentFile = config.sops.secrets."domeneshop/env".path; netrcFile = config.sops.secrets."domeneshop/netrc".path;
}; };
} }

4
hosts/defiant/services/dyndns.nix
View File

@ -1,11 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
sops.secrets."domeneshop/env" = { }; sops.secrets."domeneshop/netrc" = { };
services.domeneshop-dyndns = { services.domeneshop-dyndns = {
enable = true; enable = true;
domain = "site3.feal.no"; domain = "site3.feal.no";
environmentFile = config.sops.secrets."domeneshop/env".path; netrcFile = config.sops.secrets."domeneshop/netrc".path;
}; };
} }

7
secrets/burnham/burnham.yaml
View File

@ -1,5 +1,5 @@
domeneshop: domeneshop:
env: ENC[AES256_GCM,data:MMzTECLowcUBvpXKKsqOTl03V244VcdO8ddXiboYJJtiPBlmBL4cVTSE3QzzWIlR0iNUlLtQlI9E8RIjys602tNMbWxqaJsyiRAFKS9pnOjhrIVH5dLaXLtxwk2Xp/Spg5aObwmgoP8=,iv:LMR1XBIT2x0RZ92hCTQAlHvOyX+ZXk0PrpGtNAWyLas=,tag:A6r1/+imJ7T4OwZcFIVKcQ==,type:str] netrc: ENC[AES256_GCM,data:iN9TEMRQpEUbq5kQRXKNG1pFr2rtQtCBXuK1w/7Wn6FAiWkGmCu8GIjPSDnMkZ4+l3kxJhNSix3AzIQwp6oayV1hIoFTWgz/OHKrq2TtQIFy5gs0u0Ump2tmQZFP3GgxSEagfp+c6MbQkjCh0t/PKiPE5MRJJnOJ4/0D,iv:Ta7T5lnQQpMwO+zYgFE9izs78+gtleolk6l7DDnrMoo=,tag:UXeoR+tW5t4DMazb26FsHw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -24,8 +24,9 @@ sops:
QUlhZ3dsdkZYbWxyTkNMQSsxNEVocTQK2tugbp8JDQR3KxZoMn8fSVRBc4oBvrhy QUlhZ3dsdkZYbWxyTkNMQSsxNEVocTQK2tugbp8JDQR3KxZoMn8fSVRBc4oBvrhy
0Tz4vhejHbiQt0Xg8Im/1ucFGvbONExi4alu57noRqIoCe4AmNKQ+g== 0Tz4vhejHbiQt0Xg8Im/1ucFGvbONExi4alu57noRqIoCe4AmNKQ+g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-07T23:07:39Z" lastmodified: "2024-09-08T00:11:46Z"
mac: ENC[AES256_GCM,data:NM3a/DiyBZjsZvm+XXW8kyDOL1CpRsEt8Cya6TDJ/CY8259es+y6g9ImAtV1nF+/8X5qVInZ93xxRDWdoDeOG67TwYTgHHkGoz41S4Sf/YyGNzXj3+3eYZt2y4tW/BAWMxN1SiQjWKX4a3WVqs9X8EjmDC6yKFC7EX2DTXt+J1Y=,iv:LVbFCEg4NciZuongxrLTKTOWB1WoUvRfKuDaPxXxr3k=,tag:LSrOva26yn6jdkjP2kDYaA==,type:str] mac: ENC[AES256_GCM,data:/LgohCkIf5CSHdKVsBWzVbTwul7+HtFeG5a+qA9gjhTzdBaV985IeVPB0Vithmwu+h7BgsL3AGy2EADxGy7UtyhB7+UbcdDoPxHOFtiqv0Rjp4mNMirwjHcMSk42DWMw6+Wgfdy0FZlRkz4pOutZ2bRgehpQP2IYqlm8pjs9TiE=,iv:21wgEwUVRZvqW7uNjeANK8MJLbzy6LOb+iBXcHsp/H4=,tag:lV2qPE6gMNQsS1zom54sgg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

7
secrets/defiant/defiant.yaml
View File

@ -3,7 +3,7 @@ matrix:
registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str] registrationsecret: ENC[AES256_GCM,data:bWxzNB3c7GL6A4evVMoYJ2/q5TKyeSZzk05lUTMMDLBf3w/ks028oKjntGWbAvpSbnYPAO5wGPPKrvh8TnMVfjuBVrBtL8Vmt10t7YU/e15Xo0WvtwuAtjF6AWiGbV8=,iv:/KW9n2wuVua6zsmMZ/tq7J3wgmtrkLsh6aOWX0Z+fqo=,tag:aoIpD0JgsVnhlyDcsjx1eg==,type:str]
oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str] oidcsecret: ENC[AES256_GCM,data:AKUTKQStFwioRaRYnrFbL/kJM0ZO/ZPLumG+770+A7U=,iv:jSpL6dY27zwctra5w56loVR9rRETWe5eIeMnAn9f6S0=,tag:IoEP8UzoZK7B5LtTu9Ebsw==,type:str]
domeneshop: domeneshop:
env: ENC[AES256_GCM,data:IBEWzGjXPTCxc2yBZxs2TnhrwTUjCey9qgprfmYlRMfoYjbSQDRzFoY3EXWfrRC8O/wt5/noar/XY5C6Krob6LynSHitaudXD/mPegR5u313tO9QwLOpScaA+lGyqUkUkddiI52cARJP,iv:dvMdW4o9ByUO5rl/1TXnwsnxd97UJqtv9UmERXdno2I=,tag:iNLGLF7aT2rLuDdwGfn2EA==,type:str] netrc: ENC[AES256_GCM,data:35HTN/L7FfKTdsnu73Vqcf9NEc/ybV9CtEYVh/3VFuge5LEviubcqR2ljkdh22HzMjzbzO9WZVTLo0K8oqrR+8zCbKmi4+4n8ZsnGrqdnx2/Bl2KGdNXTbvfkIqZMD7xRBJtSB2IVyXcB1u7JYd9jvr2xVek3IC8C1Zf,iv:XeqZZYWHD9Sww+IUoRs5+BEKZK80cDF1o4zdUlztA94=,tag:dHQe6Rqst75VTmXSiqTeTw==,type:str]
hedgedoc: hedgedoc:
env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str] env: ENC[AES256_GCM,data:30kDNwJA/nL2/l1gSVPWgFYIrrxnhKbsQPaS1MqeaggjDpPxyNOhSLf5/p5Z5S/jDuJapevpQR70hfAM8g3gLRNIFtP38V/8w0lUngpuz6MzL7THdNfbabOKsHpNht+nxwGXE1YSd0D4OuX5ll5pLWT8nQtNhhOzuYmDIJ/Xc01lmcGc2ThsA0GlkWZxUw==,iv:ht6BiCYJReWFoR1zpo/X0bcgMV9tYfXUM7Re2ngEk4M=,tag:XrlYHyhVujhhWul3czSTDg==,type:str]
vaultwarden: vaultwarden:
@ -39,8 +39,9 @@ sops:
RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ== fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-07T21:42:51Z" lastmodified: "2024-09-08T00:14:52Z"
mac: ENC[AES256_GCM,data:vxl36zjB978nOMO49YFYSyoKM9rX5NT0kJh5nruGU7a0RxcvQrN3sSHZCfes7uFAvEGiFO4YG3LCiMDuUCZYCTV3nMLnu7aAjqDhcSQqcCYieBx4V9wYSdFqebP9asvArOVUN3hL9xze++q+IvxYYISL1EPlWpAF+SdGVMykGDE=,iv:1wW/OHd+A0qupzXn11est/nPGcGJSg8YxyU0hKzTT1k=,tag:YHgeE0ycLRIqAPv4HNpSjg==,type:str] mac: ENC[AES256_GCM,data:sWrspq+LTJfKUqdE7HZTdqw9jCR3uDkDmv9pz4Sh698QsUqXX3qFsDqQfCs3OLCClUmIYkvQqWgE7QNglhZcz+HMNGLKihpHmGl8Go/ltQCj4s/KM4mt7PAYSUPKag/uO7HTA7JIs2cwzCVLIjttkDUzyFwsff52pqX71np2qFE=,iv:GHPcsjxDtNBb3zvku5+VOXepwpGMjqaFt4qaNGcGKV8=,tag:Xy1MAUJo9IA04w8+/ECyiQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1