add dynamic dns systemd service

2025-12-10 00:43:56 -05:00 · 2023-09-28 23:47:08 -04:00 · 2023-09-28 23:47:08 -04:00 · f886faffa2
commit f886faffa2
parent 2cf574a768
2 changed files with 85 additions and 2 deletions
--- a/hosts/gerg-desktop/secrets.yaml
+++ b/hosts/gerg-desktop/secrets.yaml
@ -1,3 +1,4 @@
+cloudflare: ENC[AES256_GCM,data:yoP4ypD6gD6ZBbuFIzT9nJxgwky1ev1jpaOOyEVMpeShQa3/zR4GCA==,iv:Vx6sHF/k0gkIf8S7hGtHPPM8gOBJKg30QbqZgQ0tvHg=,tag:vh8v8Fu7wMs1Opw7dZvkrg==,type:str]
 discordenv: ENC[AES256_GCM,data:dzl1FaBUPiiGR8hOmUVDulGnS9wBwX0ddYYV/euilrrHGO8GiktfENSLLIPpqNm1jSoO8zIs10/tTeQLGPtN5yUhF5lYhcjupows20Cd/Nn0OwDuLfXZmO3dAbN4hvsbGnJpnDOEB2EvqRZSQPxH8eLc0Do0hryjnrIYuKpN,iv:uWGY3XAbgFg1ZyI7J1/Q+UOdc5mReYvVq9uLFqfmadw=,tag:+ZlVbJ5ZyahaG1V3H+MVpQ==,type:str]
 searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str]
 minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str]
@ -23,8 +24,8 @@ sops:
            dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
            MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-09-20T22:58:46Z"
-    mac: ENC[AES256_GCM,data:9H2GYiOCifDR2yv/rju2/5Gc5DfovhhS3c1IFCqvLdaWZGcwvXx4/72YnOjtZ3VNB4XSsuDSGU07wEZp+6pRtBJ7Zdq2bF2bzbZHt32hTNv1BYKNMaJpebOO0I2+DH4qWMhqDYW7leZqNsApir75/O/ixjwzomTiXmwUi7jrkYU=,iv:zjMl+DfPa2S9C+pEmBxjnPTdvY1P1s/ISN3st/jvnDk=,tag:wbc8OIgsC+oEE75M5U0jhQ==,type:str]
+    lastmodified: "2023-09-29T03:41:47Z"
+    mac: ENC[AES256_GCM,data:l8NkKfp3NCn7zOX4HT56kA2PHAPdaMOCPAw+jsiIFaUMeO80KgpdjOfzluOgL+vrp9xm3FQsbwMyr106WkOU5pSIigi1nvXRKnLeuxpjBI6lppeNl9vj6JhJkECHqAdoy5XWmQmRopu89OP2cdlIiU+eykZ9eXSexEp2zGl16U4=,iv:9dXbt8Qi2gqY6M5ySFuxqZbvjPkls0Gbrzdm1j+IyAA=,tag:bgMXWdIQbYiq6GwJwpxkqA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.0
--- a/hosts/gerg-desktop/services/ddns.nix
+++ b/hosts/gerg-desktop/services/ddns.nix
@ -0,0 +1,82 @@
+_:
+{ config, pkgs, ... }:
+{
+  sops.secrets.cloudflare = { };
+
+  systemd.services.ddns = {
+    wantedBy = [ "multi-user.target" ];
+    wants = [ "network-online.target" ];
+    after = [ "network-online.target" ];
+    startAt = "*:0/30";
+
+    serviceConfig = {
+      LoadCredential = "token:${config.sops.secrets.cloudflare.path}";
+      DynamicUser = true;
+    };
+
+    path = [
+      pkgs.netcat
+      pkgs.jq
+      pkgs.curl
+    ];
+
+    script = ''
+      if ! nc -zw1 google.com 443 &>/dev/null; then
+        echo No Internet access... bailing early
+        exit 0
+      fi
+
+      AUTH="$(cat "$CREDENTIALS_DIRECTORY/token")"
+
+      IP=$(grep -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//')
+
+      func () {
+        RECORD="$1"
+        ZONE="$2"
+        PROXY="''${3:-"true"}"
+
+
+        REQ=$(curl --silent \
+          --request GET \
+          --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
+          --header 'Content-Type: application/json' \
+          --header "Authorization: Bearer $AUTH"
+        )
+
+        readarray -t AR < <(jq -r '.result[].name' <<< "$REQ")
+
+        for i in "''${!AR[@]}"; do
+          if [ "''${AR[i]}" == "$RECORD" ]; then
+            ID=$(jq -r ".result[$i].id" <<< "$REQ")
+            if [ "$(jq -r ".result[$i].content" <<< "$REQ")" == "$IP" ]; then
+              echo "IP was the same, returing early"
+              return 0
+            fi
+            break
+          fi
+        done
+
+
+        curl --silent \
+          --request PATCH \
+          --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \
+          --header "Authorization: Bearer $AUTH" \
+          --header "Content-Type: application/json" \
+          --data "{
+          \"content\": \"$IP\",
+          \"name\": \"$RECORD\",
+          \"proxied\": $PROXY,
+          \"type\": \"AAAA\",
+          \"comment\": \"\",
+          \"tags\": [],
+          \"ttl\":  1
+        }"
+      }
+
+      func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"
+      func "minecraft.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
+      func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
+      func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
+    '';
+  };
+}