diff --git a/hosts/gerg-desktop/secrets.yaml b/hosts/gerg-desktop/secrets.yaml index 19f4964..ad08a55 100644 --- a/hosts/gerg-desktop/secrets.yaml +++ b/hosts/gerg-desktop/secrets.yaml @@ -1,3 +1,4 @@ +cloudflare: ENC[AES256_GCM,data:yoP4ypD6gD6ZBbuFIzT9nJxgwky1ev1jpaOOyEVMpeShQa3/zR4GCA==,iv:Vx6sHF/k0gkIf8S7hGtHPPM8gOBJKg30QbqZgQ0tvHg=,tag:vh8v8Fu7wMs1Opw7dZvkrg==,type:str] discordenv: ENC[AES256_GCM,data:dzl1FaBUPiiGR8hOmUVDulGnS9wBwX0ddYYV/euilrrHGO8GiktfENSLLIPpqNm1jSoO8zIs10/tTeQLGPtN5yUhF5lYhcjupows20Cd/Nn0OwDuLfXZmO3dAbN4hvsbGnJpnDOEB2EvqRZSQPxH8eLc0Do0hryjnrIYuKpN,iv:uWGY3XAbgFg1ZyI7J1/Q+UOdc5mReYvVq9uLFqfmadw=,tag:+ZlVbJ5ZyahaG1V3H+MVpQ==,type:str] searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str] minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str] @@ -23,8 +24,8 @@ sops: dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-20T22:58:46Z" - mac: ENC[AES256_GCM,data:9H2GYiOCifDR2yv/rju2/5Gc5DfovhhS3c1IFCqvLdaWZGcwvXx4/72YnOjtZ3VNB4XSsuDSGU07wEZp+6pRtBJ7Zdq2bF2bzbZHt32hTNv1BYKNMaJpebOO0I2+DH4qWMhqDYW7leZqNsApir75/O/ixjwzomTiXmwUi7jrkYU=,iv:zjMl+DfPa2S9C+pEmBxjnPTdvY1P1s/ISN3st/jvnDk=,tag:wbc8OIgsC+oEE75M5U0jhQ==,type:str] + lastmodified: "2023-09-29T03:41:47Z" + mac: ENC[AES256_GCM,data:l8NkKfp3NCn7zOX4HT56kA2PHAPdaMOCPAw+jsiIFaUMeO80KgpdjOfzluOgL+vrp9xm3FQsbwMyr106WkOU5pSIigi1nvXRKnLeuxpjBI6lppeNl9vj6JhJkECHqAdoy5XWmQmRopu89OP2cdlIiU+eykZ9eXSexEp2zGl16U4=,iv:9dXbt8Qi2gqY6M5ySFuxqZbvjPkls0Gbrzdm1j+IyAA=,tag:bgMXWdIQbYiq6GwJwpxkqA==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.0 
diff --git a/hosts/gerg-desktop/services/ddns.nix b/hosts/gerg-desktop/services/ddns.nix
new file mode 100644
index 0000000..83b61d8
--- /dev/null
+++ b/hosts/gerg-desktop/services/ddns.nix
@@ -0,0 +1,82 @@
+_:
+{ config, pkgs, ... }:
+{
+ sops.secrets.cloudflare = { };
+
+ systemd.services.ddns = {
+ wantedBy = [ "multi-user.target" ];
+ wants = [ "network-online.target" ];
+ after = [ "network-online.target" ];
+ startAt = "*:0/30";
+
+ serviceConfig = {
+ LoadCredential = "token:${config.sops.secrets.cloudflare.path}";
+ DynamicUser = true;
+ };
+
+ path = [
+ pkgs.netcat
+ pkgs.jq
+ pkgs.curl
+ ];
+
+ script = ''
+ if ! nc -zw1 google.com 443 &>/dev/null; then
+ echo No Internet access... bailing early
+ exit 0
+ fi
+
+ AUTH="$(cat "$CREDENTIALS_DIRECTORY/token")"
+
+ IP=$(grep -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//')
+
+ func () {
+ RECORD="$1"
+ ZONE="$2"
+ PROXY="''${3:-"true"}"
+
+
+ REQ=$(curl --silent \
+ --request GET \
+ --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
+ --header 'Content-Type: application/json' \
+ --header "Authorization: Bearer $AUTH"
+ )
+
+ readarray -t AR < <(jq -r '.result[].name' <<< "$REQ")
+
+ for i in "''${!AR[@]}"; do
+ if [ "''${AR[i]}" == "$RECORD" ]; then
+ ID=$(jq -r ".result[$i].id" <<< "$REQ")
+ if [ "$(jq -r ".result[$i].content" <<< "$REQ")" == "$IP" ]; then
+ echo "IP was the same, returing early"
+ return 0
+ fi
+ break
+ fi
+ done
+
+
+ curl --silent \
+ --request PATCH \
+ --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \
+ --header "Authorization: Bearer $AUTH" \
+ --header "Content-Type: application/json" \
+ --data "{
+ \"content\": \"$IP\",
+ \"name\": \"$RECORD\",
+ \"proxied\": $PROXY,
+ \"type\": \"AAAA\",
+ \"comment\": \"\",
+ \"tags\": [],
+ \"ttl\": 1
+ }"
+ }
+
+ func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"
+ func "minecraft.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
+ func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
+ func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
+ '';
+ };
+}
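Review bot: `ID` is never reset inside `func`, so when the requested record is missing from the zone listing the PATCH goes out with an empty id or with the id left over from the previous `func` call, which could rewrite a different record under the new name. Declare it per call with `local ID=""` and put `[ -n "$ID" ] && [ -n "$IP" ] || return 1` before the PATCH; the same guard covers the case where the `grep` on `/proc/net/if_inet6` matches nothing, and `IP` should also be checked to be a single line, since `grep -o` prints every match. Separately, both `curl` calls put the token on the command line via `--header "Authorization: Bearer $AUTH"`, where it is likely readable from the process list while the request runs, which undercuts the `LoadCredential`/`DynamicUser` isolation. Feeding it through `--config <(printf 'header = "Authorization: Bearer %s"\n' "$AUTH")` keeps it out of argv.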