burnham: Add domeneshop-dyndns, make it a module
parent
162134d951
commit
7cd7596d66
15
.sops.yaml
15
.sops.yaml
@ -1,4 +1,5 @@
|
|||||||
keys:
|
keys:
|
||||||
|
- &host_burnham age12cgkgx8xac77q0rwakp6zrfrzp45mhk7wj6t3y8s0xurt3k879usnm66ct
|
||||||
- &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
|
- &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
|
||||||
- &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
|
- &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
|
||||||
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
|
||||||
@ -12,10 +13,16 @@ creation_rules:
|
|||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
|
|
||||||
# Host specific secrets
|
# Host specific secrets
|
||||||
- path_regex: secrets/voyager/[^/]+\.yaml$
|
- path_regex: secrets/burnham/[^/]+\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *host_voyager
|
- *host_burnham
|
||||||
|
- *user_felixalb
|
||||||
|
|
||||||
|
- path_regex: secrets/challenger/[^/]+\.yaml$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *host_challenger
|
||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
|
|
||||||
- path_regex: secrets/defiant/[^/]+\.yaml$
|
- path_regex: secrets/defiant/[^/]+\.yaml$
|
||||||
@ -24,8 +31,8 @@ creation_rules:
|
|||||||
- *host_defiant
|
- *host_defiant
|
||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
|
|
||||||
- path_regex: secrets/challenger/[^/]+\.yaml$
|
- path_regex: secrets/voyager/[^/]+\.yaml$
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
- *host_challenger
|
- *host_voyager
|
||||||
- *user_felixalb
|
- *user_felixalb
|
||||||
|
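--- a/common/domeneshop-dyndns.nix
+++ b/common/domeneshop-dyndns.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+
+let
+cfg = config.services.domeneshop-dyndns;
+in {
+options.services.domeneshop-dyndns = {
+enable = lib.mkEnableOption "Domeneshop DynDNS";
+
+domain = lib.mkOption {
+type = lib.types.str;
+description = "Domain name to configure";
+};
+
+environmentFile = lib.mkOption {
+type = lib.types.path;
+description = "Path to the file that sets DDNS_TOKEN and DDNS_SERET from https://www.domeneshop.no/admin?view=api";
+};
+
+startAt = lib.mkOption {
+type = lib.types.str;
+default = "*/10 * * * *";
+description = "Systemd onCalendar expression for when to run the timer";
+};
+};
+
+config = lib.mkIf cfg.enable {
+systemd.services.domeneshop-dyndns = {
+serviceConfig.EnvironmentFile = cfg.environmentFile;
+startAt = cfg.startAt;
+
+script = ''
+DNSNAME="${cfg.domain}"
+NEW_IP="$(${lib.getExe pkgs.curl} --silent https://ipinfo.io/ip)"
+OLD_IP="$(${lib.getExe pkgs.getent} hosts "$DNSNAME" | ${lib.getExe pkgs.gawk} '{ print $1 }')"
+
+if [[ "$NEW_IP" != "$OLD_IP" ]]; then
+echo "Old IP ($OLD_IP) does not match new IP ($NEW_IP), updating..."
+${lib.getExe pkgs.curl} --silent "https://$DDNS_TOKEN:$DDNS_SECRET@api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP"
+else
+echo "Old IP ($OLD_IP) matches new IP ($NEW_IP), exiting..."
+fi
+'';
+};
+};
+}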
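Review bot: The update call in `script` places `$DDNS_TOKEN:$DDNS_SECRET` in the URL on curl's command line, where it may be readable by other local users through the process list and is not URL-encoded, so it would be safer to hand the credentials to curl on stdin. Neither curl call uses `--fail` and `NEW_IP` is never checked, so an empty or error-page response from ipinfo.io would differ from `OLD_IP` and be sent to the API as `myip`, and a rejected update would still look like a normal run in the journal. The `environmentFile` description also names `DDNS_SERET` while the script reads `DDNS_SECRET`, so anyone following the description ends up with an empty password.

```nix
script = ''
  # … unchanged: DNSNAME assignment …
  NEW_IP="$(${lib.getExe pkgs.curl} --silent --fail https://ipinfo.io/ip)"
  # … unchanged: OLD_IP lookup …

  # Only publish something that looks like an IP address, never an error body.
  if [[ ! "$NEW_IP" =~ ^[0-9a-fA-F.:]+$ ]]; then
    echo "Unexpected response from ipinfo.io, not updating" >&2
    exit 1
  fi

  if [[ "$NEW_IP" != "$OLD_IP" ]]; then
    # … unchanged: "updating..." log line …
    # printf is a shell builtin, so the credentials reach curl on stdin and never appear in argv.
    printf 'user = "%s:%s"\n' "$DDNS_TOKEN" "$DDNS_SECRET" \
      | ${lib.getExe pkgs.curl} --silent --fail --config - \
          "https://api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP"
  # … unchanged: else branch …
```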
@ -76,6 +76,7 @@
|
|||||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
|
||||||
|
|
||||||
./hosts/defiant/configuration.nix
|
./hosts/defiant/configuration.nix
|
||||||
|
./common/domeneshop-dyndns.nix
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
matrix-synapse-next.nixosModules.default
|
matrix-synapse-next.nixosModules.default
|
||||||
home-manager.nixosModules.home-manager {
|
home-manager.nixosModules.home-manager {
|
||||||
@ -113,6 +114,7 @@
|
|||||||
({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
|
({ config, pkgs, ... }: { nixpkgs.overlays = [ pkgs-overlay ]; })
|
||||||
|
|
||||||
./hosts/burnham/configuration.nix
|
./hosts/burnham/configuration.nix
|
||||||
|
./common/domeneshop-dyndns.nix
|
||||||
sops-nix.nixosModules.sops
|
sops-nix.nixosModules.sops
|
||||||
home-manager.nixosModules.home-manager {
|
home-manager.nixosModules.home-manager {
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
|
@ -11,8 +11,9 @@
|
|||||||
./services/wireguard.nix
|
./services/wireguard.nix
|
||||||
|
|
||||||
# Other
|
# Other
|
||||||
./services/thelounge.nix
|
./services/dyndns.nix
|
||||||
./services/nginx.nix
|
./services/nginx.nix
|
||||||
|
./services/thelounge.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||||
@ -30,7 +31,7 @@
|
|||||||
hostId = "8e24f235";
|
hostId = "8e24f235";
|
||||||
};
|
};
|
||||||
|
|
||||||
# sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml;
|
sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml;
|
||||||
|
|
||||||
environment.variables = { EDITOR = "vim"; };
|
environment.variables = { EDITOR = "vim"; };
|
||||||
|
|
||||||
|
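--- a/hosts/burnham/services/dyndns.nix
+++ b/hosts/burnham/services/dyndns.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, lib, ... }:
+
+{
+sops.secrets."domeneshop/env" = { };
+
+services.domeneshop-dyndns = {
+enable = true;
+domain = "site2.feal.no";
+environmentFile = config.sops.secrets."domeneshop/env".path;
+};
+}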
@ -1,26 +1,11 @@
|
|||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
|
|
||||||
let
|
{
|
||||||
dnsname = "site3.feal.no";
|
|
||||||
in {
|
|
||||||
# Defines DDNS_TOKEN and DDNS_SECRET from https://domene.shop/admin?view=api
|
|
||||||
sops.secrets."domeneshop/env" = { };
|
sops.secrets."domeneshop/env" = { };
|
||||||
|
|
||||||
systemd.services.domeneshop-dyndns = {
|
services.domeneshop-dyndns = {
|
||||||
serviceConfig.EnvironmentFile = config.sops.secrets."domeneshop/env".path;
|
enable = true;
|
||||||
startAt = "*/10 * * * *";
|
domain = "site3.feal.no";
|
||||||
|
environmentFile = config.sops.secrets."domeneshop/env".path;
|
||||||
script = ''
|
|
||||||
DNSNAME="${dnsname}"
|
|
||||||
NEW_IP="$(${lib.getExe pkgs.curl} --silent https://ipinfo.io/ip)"
|
|
||||||
OLD_IP="$(${lib.getExe pkgs.getent} hosts "$DNSNAME" | ${lib.getExe pkgs.gawk} '{ print $1 }')"
|
|
||||||
|
|
||||||
if [[ "$NEW_IP" != "$OLD_IP" ]]; then
|
|
||||||
echo "Old IP ($OLD_IP) does not match new IP ($NEW_IP), updating..."
|
|
||||||
${lib.getExe pkgs.curl} --silent "https://$DDNS_TOKEN:$DDNS_SECRET@api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP"
|
|
||||||
else
|
|
||||||
echo "Old IP ($OLD_IP) matches new IP ($NEW_IP), exiting..."
|
|
||||||
fi
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
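--- a/secrets/burnham/burnham.yaml
+++ b/secrets/burnham/burnham.yaml
@@ -0,0 +1,31 @@
+domeneshop:
+env: ENC[AES256_GCM,data:MMzTECLowcUBvpXKKsqOTl03V244VcdO8ddXiboYJJtiPBlmBL4cVTSE3QzzWIlR0iNUlLtQlI9E8RIjys602tNMbWxqaJsyiRAFKS9pnOjhrIVH5dLaXLtxwk2Xp/Spg5aObwmgoP8=,iv:LMR1XBIT2x0RZ92hCTQAlHvOyX+ZXk0PrpGtNAWyLas=,tag:A6r1/+imJ7T4OwZcFIVKcQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age12cgkgx8xac77q0rwakp6zrfrzp45mhk7wj6t3y8s0xurt3k879usnm66ct
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5ME5FZGNUYyttQ002ZEdk
+MjZ5YkRGWVE3UTBNVzR6SjV3T01QSnRrcVVvClpiSHFIL3NoOUtjSG9NU3M3T0pS
+N01DK2RLREFGV2Rnc2ZrR3prL2pRNmMKLS0tIFRzLzNzb2QwTFovOENpeW9LZFVT
+UWc1ZFFibVBIckVRZWxvbGZVUG1YRUkKlSBUOi8E1D30qVnYoydMM/rmE5uOrbqG
+MUBb8fk4OC4e8mDs/x/qBMMgMWLnma251Aehg+4SodemJi8RhKhR8g==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZN3lIMHNySFZLdUpTTXh0
+d0xDTlppY3V4ZGxsL3ZITzJmY2Joa2J6MzJJCmV1MmpSYVZ4OU4wNXlXN1ZmUGdp
+RFNLcTlmNld4U1Y4VEJRTlZTdXg2ME0KLS0tIHJlQnFrQzFraGhkU0xEVFMxbGlj
+QUlhZ3dsdkZYbWxyTkNMQSsxNEVocTQK2tugbp8JDQR3KxZoMn8fSVRBc4oBvrhy
+0Tz4vhejHbiQt0Xg8Im/1ucFGvbONExi4alu57noRqIoCe4AmNKQ+g==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-09-07T23:07:39Z"
+mac: ENC[AES256_GCM,data:NM3a/DiyBZjsZvm+XXW8kyDOL1CpRsEt8Cya6TDJ/CY8259es+y6g9ImAtV1nF+/8X5qVInZ93xxRDWdoDeOG67TwYTgHHkGoz41S4Sf/YyGNzXj3+3eYZt2y4tW/BAWMxN1SiQjWKX4a3WVqs9X8EjmDC6yKFC7EX2DTXt+J1Y=,iv:LVbFCEg4NciZuongxrLTKTOWB1WoUvRfKuDaPxXxr3k=,tag:LSrOva26yn6jdkjP2kDYaA==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1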