From d68b988bbed55f56dbf2c1c69ff96180f5b8de6a Mon Sep 17 00:00:00 2001 From: Daniel Flanagan Date: Fri, 6 Sep 2024 09:04:32 -0500 Subject: [PATCH] WIP ddns module --- modules/nixos/deno-netlify-ddns-client.nix | 87 ++++++++++++++++++++++ secrets/beefcake/secrets.yml | 5 +- 2 files changed, 90 insertions(+), 2 deletions(-) create mode 100644 modules/nixos/deno-netlify-ddns-client.nix diff --git a/modules/nixos/deno-netlify-ddns-client.nix b/modules/nixos/deno-netlify-ddns-client.nix new file mode 100644 index 0000000..9912b3e --- /dev/null +++ b/modules/nixos/deno-netlify-ddns-client.nix @@ -0,0 +1,87 @@ +{ + lib, + config, + pkgs, + ... +}: let + inherit (lib) mkEnableOption mkOption types mkIf; + inherit (lib.strings) optionalString; + cfg = config.services.deno-netlify-ddns-client; +in { + options.services.deno-netlify-ddns-client = { + enable = mkEnableOption "Enable the deno-netlify-ddns client."; + username = mkOption { + type = types.str; + }; + passwordFile = mkOption { + type = types.str; + }; + endpoint = mkOption { + type = types.str; + default = "https://netlify-ddns.deno.dev"; + }; + ipv4 = mkOption { + type = types.bool; + default = true; + }; + ipv6 = mkOption { + type = types.bool; + default = true; + }; + requestTimeout = mkOption { + type = types.int; + description = "The maximum number of seconds before the HTTP request times out."; + default = 30; + }; + afterBootTime = mkOption { + type = types.str; + description = "A systemd.timers timespan. This option corresponds to the OnBootSec field in the timerConfig."; + default = "5m"; + }; + every = mkOption { + type = types.str; + description = "A systemd.timers timespan. This option corresponds to the OnUnitActiveSec field in the timerConfig."; + default = "5m"; + }; + }; + + config = { + systemd.timers.deno-netlify-ddns-client = { + enable = mkIf cfg.enable true; + after = ["network.target"]; + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = cfg.afterBootTime; + OnUnitActiveSec = cfg.every; + Unit = "deno-netlify-ddns-client.service"; + }; + }; + + systemd.services.deno-netlify-ddns-client = { + enable = mkIf cfg.enable true; + after = ["network.target"]; + script = '' + set -eu + password="$(cat "${cfg.passwordFile}")" + ${optionalString cfg.ipv4 '' + ${pkgs.curl}/bin/curl -4 -s \ + -X POST \ + --max-time ${cfg.requestTimeout} \ + -u "${cfg.username}:''${password}" \ + -L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" + ''} + ${optionalString cfg.ipv6 '' + ${pkgs.curl}/bin/curl -6 -s \ + -X POST \ + --max-time ${cfg.requestTimeout} \ + -u "${cfg.username}:''${password}" \ + -L "${cfg.endpoint}/v1/netlify-ddns/replace-all-relevant-user-dns-records" + ''} + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + }; +} diff --git a/secrets/beefcake/secrets.yml b/secrets/beefcake/secrets.yml index 40bc808..5f2d458 100644 --- a/secrets/beefcake/secrets.yml +++ b/secrets/beefcake/secrets.yml @@ -13,6 +13,7 @@ plausible-admin-password: ENC[AES256_GCM,data:dC9olypZgMLdPOsmjthOaa/fMLtbGBlF9A plausible-erlang-cookie: ENC[AES256_GCM,data:zhmC+D6EjIE8Rw91lIrMqY0QIazTX1e1jBzcZJP/76B9VvHWZ5bCkP1+KdfCY0lk3wIEq5vRfb8=,iv:RNNjlV3OFtXn1N0a5fEb/3FWzcHX19wtCLMdaVlKNJ0=,tag:8iU5oFVbzd0eMe5Mo1PiAw==,type:str] plausible-secret-key-base: ENC[AES256_GCM,data:ylakPGzY4S9640krl0fxYgm0Getf0+I7zthyTqTD/IpVhz5xgYBYx3Y2lSNa9Oi9yQ7+f9OdOBC6nc7n6MuUBg==,iv:YLPax/cRjMdIFti26gJd8COKr+3jXNZ7HCA5VvQVyAo=,tag:LHqYi590oEIp1IihLcFTtw==,type:str] nextcloud-admin-password: ENC[AES256_GCM,data:QaoSZyommeGED3nWNru92UVO2tjk24HE9fWX7ExYT101o4ZL411TmV1TXHSyfwjmE7yLIm1K/j4xpEbIY3zvFg==,iv:xC5EZVPHumVPOob5jiiXMFAmdFQcFSUPtZgioAgGDDs=,tag:Q/kY38XWkGsqcmCkd2lodg==,type:str] +netlify-ddns.env: ENC[AES256_GCM,data:HWy7RCUATwsPUMpLFstC2vPq4ErOPTQ+DzfQei9w0nCBKpdhzRJWb5+FAyQBmQBENn3cmrOThe6bRhuJabl2UMvp2/om0U1MF3N00sq+4dFhtvZZ6TaKBxhHMr0EIGAYdpDuJ1PXyXtKzDYPhFiGPAYb5GTe6U0+aF/pM9l6p3vMAz9GmnGD4eK7iMFZhrF4gLVKYbDx4rtWv4U9fjpUOf0/y+b+L+JFTrukzQ==,iv:8uNv3m01SEmrKVUTy+okac2HyWWCYPMiv/kO+/IZ+xE=,tag:+9AkWJSKw6L3HrPfL58QSg==,type:str] #ENC[AES256_GCM,data:IDauOj95sPt6LQkNWOaAV3AR7XPHJljX7Gef/IgtzC227ln7aKpVLCbhxD6pNTwd9/KhIXJp3vagCjfgkO/utA==,iv:Pn5jIPsFMBA2xnp3SUBgBug1NN8d3h3zy1pGVzO2hO0=,tag:NzhLA7nqE7SRRMV+rKgCjQ==,type:comment] forgejo-runner.env: ENC[AES256_GCM,data:10wKRImXKS7ezcWnkwz7ak194snQ4wG8GBePeHXN1I23JfOvuD00427fOJ4jbCY=,iv:8jrmcXa2yqFTSf4fFnZXCuyGft90RzUO3S4rZGXaTDI=,tag:EGDqTK8GKBGfogkqkCODxg==,type:str] jland.env: ENC[AES256_GCM,data:u+QKwKWG9NFduuofhe3aatof3KoC0N4ZpNOD8E/7l0BTSoTe5Tqmz5/33EOcBUw99+YLFR4kTJwdUmLWHk4UD87aGsJ4liPCtXnBsToAzBGg0I3mhGQ/QM8iKXMW9oKb3ciapitQBuJa1WIp5/bHNtCXWQ==,iv:iZDET5EWM4DnAoQqLP9+Ll4S+mFHt2wZ3ENtN79Dbqw=,tag:qVpocN3FxlHfte2hAmtGPA==,type:str] @@ -44,8 +45,8 @@ sops: bGpacHFRSkJYUUMwOEh4cVBXZ1NESmsKa5EhZ7148ojCqZldukLcPLr93HqnpNgq rMI0Nyz4Z4lkTVMRpA94zyNTkNwJ02/CYcKi8EJi6jGZnNPUTcnTwg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-04T15:59:57Z" - mac: ENC[AES256_GCM,data:QDjNbqIMvZ+8hRd2jdywNiEoUrS3DXoLqmvgCTSWOjc4oT3zzhiS/4+fziPEK/eYDwi1XgA5+tZaINsZI8j9DCCq2R/I65Thv0WMaD3yUERsyf0zef3XcdhmxP4jkbeQ1NoIvd9G0uBtGWNn3cvjf4SuBK5ulmLLzGf92dTdd9g=,iv:Z0pcPzYpQLc+q3XDxEcb0g0lls7iWW5XZfkjl1tKhHU=,tag:rI+o0I/NHSYhIbEBJ7/c4g==,type:str] + lastmodified: "2024-09-06T13:45:54Z" + mac: ENC[AES256_GCM,data:eK+7MfeVtdNxlnBOgAuz9QIpXQMo0e8SXnDVmwMbB6nILti7Z9CRe/XHxriH5+eml5QOqi2t9YIjhYa27V89VBP/d/NSMh1IXBkYfCE+jFhaG6ParI5Y4+pJH7EijQ4RpBrOnlCr1+e84HiuJoqyU4/V7vdorYZOXVWxATs5vRw=,iv:YEHqy/Pzt7GLbuumAzvcMcavB8Rkt+hEyD+lH/++Fiw=,tag:fIrdz2fouKZ86MgAZ0f0zA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0