config/profiles/domeneshop-dyndns.nix

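{ config, pkgs, lib, inputs, ... }:
let
  cfg = config.services.domeneshop-updater;
in
{
  # Dynamic-DNS updater for domene.shop: a timer-driven oneshot service that
  # tells the API which address the configured hostnames should point at.
  # TODO: ensure dns64 does not interfere with this
  options = with lib; {
    services.domeneshop-updater.targets = mkOption {
      type = with types; listOf str;
      # An explicit default lets `mkIf (cfg.targets != [])` act as the
      # on/off switch instead of failing when the option is never set.
      default = [ ];
      example = [ config.networking.fqdn ];
      description = "Hostnames whose dyndns record is updated; an empty list disables the service.";
    };
  };

  config = lib.mkIf (cfg.targets != [ ]) {
    users.users.domeneshop = {
      isSystemUser = true;
      group = "domeneshop";
    };
    users.groups.domeneshop = { };

    # Both API credentials come from the same sops file and are readable only
    # by the service user/group.
    sops.secrets = let
      credential = {
        sopsFile = "${inputs.self}/secrets/dns.yaml";
        owner = "domeneshop";
        group = "domeneshop";
      };
    in {
      "domeneshop/token" = credential;
      "domeneshop/secret" = credential;
    };

    systemd.services.domeneshop-updater = {
      description = "domene.shop dyndns domain updater";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      serviceConfig = let
        # Take the decrypted paths from sops-nix rather than hard-coding
        # /run/secrets/... so the script follows any path override.
        tokenFile = config.sops.secrets."domeneshop/token".path;
        secretFile = config.sops.secrets."domeneshop/secret".path;
        prog = pkgs.writeShellApplication {
          name = "domeneshop-dyndns-updater.sh";
          runtimeInputs = with pkgs; [ curl iproute2 jq ];
          text = ''
            for f in "${tokenFile}" "${secretFile}"; do
              test -s "$f" || {
                >&2 echo "ERROR: $f not found!"
                exit 1
              }
            done
            DOMENESHOP_TOKEN="$(cat "${tokenFile}")"
            DOMENESHOP_SECRET="$(cat "${secretFile}")"

            # Source address for the API call: the first stable (non-temporary)
            # global IPv6 address, then IPv4, else let curl pick. Docker
            # interfaces are skipped so a bridge address is never published.
            pick_addr() {
              ip "$1" -json addr show scope global -temporary \
                | jq -r '.[] | select(.ifname | contains("docker") | not) | .addr_info[].local | select(. == null | not)' \
                | head -n1
            }
            SRC_ADDR=$(pick_addr -6)
            if [[ -z "$SRC_ADDR" ]]; then
              SRC_ADDR=$(pick_addr -4)
            fi

            # --fail-with-body turns an HTTP error into a non-zero exit so the
            # unit fails visibly instead of logging a 4xx/5xx body and exiting 0.
            CURL_OPTS=(--fail-with-body --silent --show-error)
            if [[ -n "$SRC_ADDR" ]]; then
              CURL_OPTS+=(--interface "$SRC_ADDR")
            fi

            # Credentials are handed to curl as a config file on stdin instead of
            # being embedded in the URL, so they never appear in the process
            # command line (/proc/<pid>/cmdline is readable by other users).
            update_host() {
              printf 'user = "%s:%s"\n' "$DOMENESHOP_TOKEN" "$DOMENESHOP_SECRET" \
                | curl "''${CURL_OPTS[@]}" --config - \
                    "https://api.domeneshop.no/v0/dyndns/update?hostname=$1"
            }
            ${lib.concatMapStringsSep "\n" (target: "update_host ${lib.escapeShellArg target}") cfg.targets}
          '';
        };
      in {
        # Run-to-completion script: oneshot makes `systemctl start` block until
        # the update has finished and reports its exit status.
        Type = "oneshot";
        User = "domeneshop";
        Group = "domeneshop";
        #DynamicUser = true; # maybe re-enable when sops-nix is in place?
        ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
        PrivateTmp = true;
        # The script only needs the network, the store and the two secrets.
        NoNewPrivileges = true;
        ProtectSystem = "strict";
        ProtectHome = true;
      };
    };

    systemd.timers.domeneshop-updater = let interval = "2h"; in {
      description = "Update domene.shop every ${interval}";
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "5m";
        OnUnitInactiveSec = interval;
        Unit = "domeneshop-updater.service";
      };
    };
  };
}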