nixos/hosts/gerg-desktop/services/ddns.nix

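# NixOS module: periodic Cloudflare dynamic-DNS updater for this host's IPv6 address.
# Every 30 minutes it reads the host's address from /proc/net/if_inet6 and PATCHes
# the listed AAAA records through the Cloudflare v4 API when their content differs.
{ _file }:
{ config, pkgs, ... }:
{
  # Declares the sops secret whose decrypted file is used as the unit's EnvironmentFile.
  # NOTE(review): the script reads $AUTH, so the secret presumably contains a line
  # `AUTH=<api token>` — confirm against the sops file.
  sops.secrets.cloudflare = { };

  systemd.services.ddns = {
    reloadIfChanged = false;
    restartIfChanged = false;
    stopIfChanged = false;

    wantedBy = [ "multi-user.target" ];
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
    # Timer: minute 0 and 30 of every hour.
    startAt = "*:0/30";

    # The two serviceConfig definitions of the original are written as one set.
    serviceConfig = {
      Type = "oneshot";
      # A oneshot unit with RemainAfterExit=true stays "active" after its first run,
      # and systemd timers do not re-run a unit that is already active
      # (systemd.timer(5)). That left the records un-refreshed after boot, so a changed
      # address would keep the old AAAA content published. Let the unit go inactive.
      RemainAfterExit = false;
      EnvironmentFile = config.sops.secrets.cloudflare.path;
      DynamicUser = true;
    };

    path = [
      pkgs.netcat
      pkgs.jq
      pkgs.curl
    ];

    script = ''
      # Cheap connectivity probe; without a route out there is nothing to update.
      if ! nc -zw1 google.com 443 &>/dev/null; then
        echo No Internet access... bailing early
        exit 0
      fi

      # Pick the address from /proc/net/if_inet6 (32 hex digits, no colons) that does
      # not start with fe80 and has "ffee" at the fixed offset, then re-insert colons.
      # -m1 keeps a single match so $IP can never hold several lines.
      IP=$(grep -m1 -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//')
      if [ -z "$IP" ]; then
        echo "No matching IPv6 address found, refusing to touch DNS" >&2
        exit 1
      fi

      # Emits the Authorization header on stdout. printf is a shell builtin and curl
      # reads the header from a file descriptor (--header @file), so the API token is
      # never placed in any process's argument list.
      auth_header () {
        printf 'Authorization: Bearer %s\n' "$AUTH"
      }

      # func RECORD ZONE [PROXY]
      #   RECORD  fully-qualified record name to update
      #   ZONE    Cloudflare zone id that holds the record
      #   PROXY   JSON boolean for "proxied" (default: true)
      # Returns 0 when the record is up to date or was updated, 1 on any failure.
      func () {
        local RECORD="$1"
        local ZONE="$2"
        local PROXY="''${3:-"true"}"
        # Declared local so a record that is not found cannot inherit the id that a
        # previous call left behind and PATCH the wrong record.
        local REQ ID CURRENT BODY

        # --fail turns an HTTP error (bad token, wrong zone) into a non-zero exit
        # instead of handing an error document to the parsing below.
        REQ=$(curl --silent --show-error --fail \
          --request GET \
          --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
          --header 'Content-Type: application/json' \
          --header @<(auth_header)
        ) || { echo "Listing records of zone $ZONE failed" >&2; return 1; }

        # First record whose name matches; --arg passes the name as data rather than
        # splicing it into the jq program.
        ID=$(jq -r --arg name "$RECORD" 'first(.result[] | select(.name == $name) | .id) // empty' <<< "$REQ") || return 1
        if [ -z "$ID" ]; then
          echo "No record named $RECORD in zone $ZONE" >&2
          return 1
        fi

        CURRENT=$(jq -r --arg name "$RECORD" 'first(.result[] | select(.name == $name) | .content) // empty' <<< "$REQ") || return 1
        if [ "$CURRENT" == "$IP" ]; then
          echo "IP was the same, returing early"
          return 0
        fi

        # Build the request body with jq so every value is JSON-encoded; --argjson
        # rejects a PROXY value that is not valid JSON.
        BODY=$(jq -n \
          --arg content "$IP" \
          --arg name "$RECORD" \
          --argjson proxied "$PROXY" \
          '{content: $content, name: $name, proxied: $proxied, type: "AAAA", comment: "", tags: [], ttl: 1}'
        ) || return 1

        curl --silent --show-error --fail-with-body \
          --request PATCH \
          --url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \
          --header @<(auth_header) \
          --header "Content-Type: application/json" \
          --data "$BODY" || { echo "Updating $RECORD failed" >&2; return 1; }
      }

      # Attempt every record, then report failure once so the unit shows up as failed.
      rc=0
      func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" || rc=1
      func "minecraft.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false" || rc=1
      func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c" || rc=1
      func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c" || rc=1
      exit "$rc"
    '';
  };

  inherit _file;
}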