gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions
nixos/hosts/gerg-desktop/services/ddns.nix

82 lines
2.2 KiB
Nix
Raw Blame History

_:
{ config, pkgs, ... }:
{
sops.secrets.cloudflare = { };
systemd.services.ddns = {
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
startAt = "*:0/30";
serviceConfig = {
LoadCredential = "token:${config.sops.secrets.cloudflare.path}";
DynamicUser = true;
};
path = [
pkgs.netcat
pkgs.jq
pkgs.curl
];
script = ''
if ! nc -zw1 google.com 443 &>/dev/null; then
echo No Internet access... bailing early
exit 0
fi
AUTH="$(cat "$CREDENTIALS_DIRECTORY/token")"
IP=$(grep -oP '^((?!fe80).).{22}ffee.{5}' /proc/net/if_inet6 | sed -E 's/(.{4})/\1:/g; s/.$//')
func () {
RECORD="$1"
ZONE="$2"
PROXY="''${3:-"true"}"
REQ=$(curl --silent \
--request GET \
--url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records" \
--header 'Content-Type: application/json' \
--header "Authorization: Bearer $AUTH"
)
readarray -t AR < <(jq -r '.result[].name' <<< "$REQ")
for i in "''${!AR[@]}"; do
if [ "''${AR[i]}" == "$RECORD" ]; then
ID=$(jq -r ".result[$i].id" <<< "$REQ")
if [ "$(jq -r ".result[$i].content" <<< "$REQ")" == "$IP" ]; then
echo "IP was the same, returing early"
return 0
fi
break
fi
done
curl --silent \
--request PATCH \
--url "https://api.cloudflare.com/client/v4/zones/$ZONE/dns_records/$ID" \
--header "Authorization: Bearer $AUTH" \
--header "Content-Type: application/json" \
--data "{
\"content\": \"$IP\",
\"name\": \"$RECORD\",
\"proxied\": $PROXY,
\"type\": \"AAAA\",
\"comment\": \"\",
\"tags\": [],
\"ttl\": 1
}"
}
func "*.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8"
func "minecraft.gerg-l.com" "8f76f071c5edbc0f947a5c5f9c5df9f8" "false"
func "*.nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
func "nix-fu.com" "cc2df9163c3730f58b866409ac5a108c"
'';
};
}
Reference in a new issue View git blame Copy permalink