add dynamic dns systemd service

Gerg-L 2023-09-28 23:47:08 -04:00
parent 2cf574a768
commit f886faffa2
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
2 changed files with 85 additions and 2 deletions


@ -1,3 +1,4 @@
cloudflare: ENC[AES256_GCM,data:yoP4ypD6gD6ZBbuFIzT9nJxgwky1ev1jpaOOyEVMpeShQa3/zR4GCA==,iv:Vx6sHF/k0gkIf8S7hGtHPPM8gOBJKg30QbqZgQ0tvHg=,tag:vh8v8Fu7wMs1Opw7dZvkrg==,type:str]
discordenv: ENC[AES256_GCM,data:dzl1FaBUPiiGR8hOmUVDulGnS9wBwX0ddYYV/euilrrHGO8GiktfENSLLIPpqNm1jSoO8zIs10/tTeQLGPtN5yUhF5lYhcjupows20Cd/Nn0OwDuLfXZmO3dAbN4hvsbGnJpnDOEB2EvqRZSQPxH8eLc0Do0hryjnrIYuKpN,iv:uWGY3XAbgFg1ZyI7J1/Q+UOdc5mReYvVq9uLFqfmadw=,tag:+ZlVbJ5ZyahaG1V3H+MVpQ==,type:str] discordenv: ENC[AES256_GCM,data:dzl1FaBUPiiGR8hOmUVDulGnS9wBwX0ddYYV/euilrrHGO8GiktfENSLLIPpqNm1jSoO8zIs10/tTeQLGPtN5yUhF5lYhcjupows20Cd/Nn0OwDuLfXZmO3dAbN4hvsbGnJpnDOEB2EvqRZSQPxH8eLc0Do0hryjnrIYuKpN,iv:uWGY3XAbgFg1ZyI7J1/Q+UOdc5mReYvVq9uLFqfmadw=,tag:+ZlVbJ5ZyahaG1V3H+MVpQ==,type:str]
searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str] searxngenv: ENC[AES256_GCM,data:HtH4KxXWoQEJp88Bgfhfj5Y4Up+inHu8mnVtay64XvCRpVKHF/kceC3XwT9C3IdXpQ==,iv:iXK8hOFoEnM5wFUZhC8IOdHzPhwPDHtTL8MmS5FSlns=,tag:TZHTB7ia5Qq2f2fETJOpEA==,type:str]
minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str] minifluxenv: ENC[AES256_GCM,data:wgz6sxSbbjXrgBAak0Q0TlvG78+JHPpiPtcbqGo9HpSF3qY78edECCDB3qqIaynxdhI4,iv:mbsr+OG8fE5MggmC+TNkLmhhDNGvJo+uelNRo/rMLoo=,tag:xN+FbNHZIVCruQh23aMt5g==,type:str]
@ -23,8 +24,8 @@ sops:
dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy dGhDRXRTWE9xSGtxQU80RVpuL1A5MkEKxAxC/wDkq+6hM8eXkWd/RBDNIUtGYnPy
MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA== MvVxB6dkj+S11oRcMpdFqiM9jSzz/gYecB2tfuDgj+UX/VAzSkvPxA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-20T22:58:46Z" lastmodified: "2023-09-29T03:41:47Z"
mac: ENC[AES256_GCM,data:9H2GYiOCifDR2yv/rju2/5Gc5DfovhhS3c1IFCqvLdaWZGcwvXx4/72YnOjtZ3VNB4XSsuDSGU07wEZp+6pRtBJ7Zdq2bF2bzbZHt32hTNv1BYKNMaJpebOO0I2+DH4qWMhqDYW7leZqNsApir75/O/ixjwzomTiXmwUi7jrkYU=,iv:zjMl+DfPa2S9C+pEmBxjnPTdvY1P1s/ISN3st/jvnDk=,tag:wbc8OIgsC+oEE75M5U0jhQ==,type:str] mac: ENC[AES256_GCM,data:l8NkKfp3NCn7zOX4HT56kA2PHAPdaMOCPAw+jsiIFaUMeO80KgpdjOfzluOgL+vrp9xm3FQsbwMyr106WkOU5pSIigi1nvXRKnLeuxpjBI6lppeNl9vj6JhJkECHqAdoy5XWmQmRopu89OP2cdlIiU+eykZ9eXSexEp2zGl16U4=,iv:9dXbt8Qi2gqY6M5ySFuxqZbvjPkls0Gbrzdm1j+IyAA=,tag:bgMXWdIQbYiq6GwJwpxkqA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.0 version: 3.8.0


@ -0,0 +1,82 @@
_:
{ config, pkgs, ... }:
{
sops.secrets.cloudflare = { };
systemd.services.ddns = {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
startAt = "*:0/30";
serviceConfig = {
LoadCredential = "token:${config.sops.secrets.cloudflare.path}";
DynamicUser = true;
};
path = [
pkgs.netcat
pkgs.jq
pkgs.curl
];
script = ''
if ! nc -zw1 google.com 443 &>/dev/null; then
echo No Internet access... bailing early
exit 0
fi
AUTH="$(cat "$CREDENTIALS_DIRECTORY/token")"
IP=$(grep -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//')
func () {
RECORD="$1"
ZONE="$2"
PROXY="''${3:-"true"}"
REQ=$(curl --silent \
--request GET \
--url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer $AUTH"
)
readarray -t AR < <(jq -r '.result[].name' <<< "$REQ")
for i in "''${!AR[@]}"; do
if [ "''${AR[i]}" == "$RECORD" ]; then
ID=$(jq -r ".result[$i].id" <<< "$REQ")
if [ "$(jq -r ".result[$i].content" <<< "$REQ")" == "$IP" ]; then
echo "IP was the same, returing early"
return 0
fi
break
fi
done
curl --silent \
--request PATCH \
--url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \
--header "Authorization: Bearer $AUTH" \
--header "Content-Type: application/json" \
--data "{
\"content\": \"$IP\",
\"name\": \"$RECORD\",
\"proxied\": $PROXY,
\"type\": \"AAAA\",
\"comment\": \"\",
\"tags\": [],
\"ttl\": 1
}"
}
func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"
func "minecraft.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
'';
};
}
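Review bot: `ID` in `func` is a global shell variable that is never reset, so when the requested name is missing from the zone listing (or the GET fails and `.result` is absent) the PATCH reuses the ID left by the previous call and rewrites a different record, or targets `dns_records/` with an empty ID on the first call. Declare it per call with `local ID=""` at the top of `func` and guard the update with `[ -n "$ID" ] || { echo "no DNS record for $RECORD" >&2; return 1; }`. `IP` needs the same care: if the grep on `/proc/net/if_inet6` matches nothing or more than one address, the PATCH body carries an empty or multi-line `content`, so confirm it holds exactly one address before the first `func` call. Separately, both curl calls pass the API token in argv through `--header "Authorization: Bearer $AUTH"`, where it is readable from the process list while curl runs; supplying the header with `--config <(printf 'header = "Authorization: Bearer %s"\n' "$AUTH")` keeps it off the command line, and adding `--fail` would surface HTTP errors instead of letting an error body be parsed as a record list.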