WIP ddns module

2024-09-06 09:04:32 -05:00 · 2024-09-06 09:04:32 -05:00 · d68b988bbe
parent 39eef52762
commit d68b988bbe
2 changed files with 90 additions and 2 deletions
--- a/modules/nixos/deno-netlify-ddns-client.nix
+++ b/modules/nixos/deno-netlify-ddns-client.nix
@ -0,0 +1,87 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}: let
+  inherit (lib) mkEnableOption mkOption types mkIf;
+  inherit (lib.strings) optionalString;
+  cfg = config.services.deno-netlify-ddns-client;
+in {
+  options.services.deno-netlify-ddns-client = {
+    enable = mkEnableOption "Enable the deno-netlify-ddns client.";
+    username = mkOption {
+      type = types.str;
+    };
+    passwordFile = mkOption {
+      type = types.str;
+    };
+    endpoint = mkOption {
+      type = types.str;
+      default = "https://netlify-ddns.deno.dev";
+    };
+    ipv4 = mkOption {
+      type = types.bool;
+      default = true;
+    };
+    ipv6 = mkOption {
+      type = types.bool;
+      default = true;
+    };
+    requestTimeout = mkOption {
+      type = types.int;
+      description = "The maximum number of seconds before the HTTP request times out.";
+      default = 30;
+    };
+    afterBootTime = mkOption {
+      type = types.str;
+      description = "A systemd.timers timespan. This option corresponds to the OnBootSec field in the timerConfig.";
+      default = "5m";
+    };
+    every = mkOption {
+      type = types.str;
+      description = "A systemd.timers timespan. This option corresponds to the OnUnitActiveSec field in the timerConfig.";
+      default = "5m";
+    };
+  };
+
+  config = {
+    systemd.timers.deno-netlify-ddns-client = {
+      enable = mkIf cfg.enable true;
+      after = ["network.target"];
+      wantedBy = ["timers.target"];
+      timerConfig = {
+        OnBootSec = cfg.afterBootTime;
+        OnUnitActiveSec = cfg.every;
+        Unit = "deno-netlify-ddns-client.service";
+      };
+    };
+
+    systemd.services.deno-netlify-ddns-client = {
+      enable = mkIf cfg.enable true;
+      after = ["network.target"];
+      script = ''
+        set -eu
+        password="$(cat "${cfg.passwordFile}")"
+        ${optionalString cfg.ipv4 ''
+          ${pkgs.curl}/bin/curl -4 -s \
+            -X POST \
+            --max-time ${cfg.requestTimeout} \
+            -u "${cfg.username}:''${password}" \
+            -L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records"
+        ''}
+        ${optionalString cfg.ipv6 ''
+          ${pkgs.curl}/bin/curl -6 -s \
+            -X POST \
+            --max-time ${cfg.requestTimeout} \
+            -u "${cfg.username}:''${password}" \
+            -L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records"
+        ''}
+      '';
+      serviceConfig = {
+        Type = "oneshot";
+        User = "root";
+      };
+    };
+  };
+}
--- a/secrets/beefcake/secrets.yml
+++ b/secrets/beefcake/secrets.yml
@ -13,6 +13,7 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A
 plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str]
 plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str]
 nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str]
+netlify-ddns.env: ENC[AES256_GCM,data:HWy7RCUATwsPUMpLFstC2vPq4ErOPTQ+DzfQei9w0nCBKpdhzRJWb5+FAyQBmQBENn3cmrOThe6bRhuJabl2UMvp2/om0U1MF3N00sq+4dFhtvZZ6TaKBxhHMr0EIGAYdpDuJ1PXyXtKzDYPhFiGPAYb5GTe6U0+aF/pM9l6p3vMAz9GmnGD4eK7iMFZhrF4gLVKYbDx4rtWv4U9fjpUOf0/y+b+L+JFTrukzQ==,iv:8uNv3m01SEmrKVUTy+okac2HyWWCYPMiv/kO+/IZ+xE=,tag:+9AkWJSKw6L3HrPfL58QSg==,type:str]
 #ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment]
 forgejo-runner.env: ENC[AES256_GCM,data:10wKRImXKS7ezcWnkwz7ak194snQ4wG8GBePeHXN1I23JfOvuD00427fOJ4jbCY=,iv:8jrmcXa2yqFTSf4fFnZXCuyGft90RzUO3S4rZGXaTDI=,tag:EGDqTK8GKBGfogkqkCODxg==,type:str]
 jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str]
@ -44,8 +45,8 @@ sops:
            bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq
            rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-04T15:59:57Z"
-    mac: ENC[AES256_GCM,data:QDjNbqIMvZ+8hRd2jdywNiEoUrS3DXoLqmvgCTSWOjc4oT3zzhiS/4+fziPEK/eYDwi1XgA5+tZaINsZI8j9DCCq2R/I65Thv0WMaD3yUERsyf0zef3XcdhmxP4jkbeQ1NoIvd9G0uBtGWNn3cvjf4SuBK5ulmLLzGf92dTdd9g=,iv:Z0pcPzYpQLc+q3XDxEcb0g0lls7iWW5XZfkjl1tKhHU=,tag:rI+o0I/NHSYhIbEBJ7/c4g==,type:str]
+    lastmodified: "2024-09-06T13:45:54Z"
+    mac: ENC[AES256_GCM,data:eK+7MfeVtdNxlnBOgAuz9QIpXQMo0e8SXnDVmwMbB6nILti7Z9CRe/XHxriH5+eml5QOqi2t9YIjhYa27V89VBP/d/NSMh1IXBkYfCE+jFhaG6ParI5Y4+pJH7EijQ4RpBrOnlCr1+e84HiuJoqyU4/V7vdorYZOXVWxATs5vRw=,iv:YEHqy/Pzt7GLbuumAzvcMcavB8Rkt+hEyD+lH/++Fiw=,tag:fIrdz2fouKZ86MgAZ0f0zA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.0