From aa1a46853492a44cbd18546d593e5a9550762e85 Mon Sep 17 00:00:00 2001
From: prescientmoon <git@moonythm.dev>
Date: Sun, 7 Apr 2024 12:11:57 +0200
Subject: [PATCH] Set up ddclient

---
 .sops.yaml                                    |  9 ++----
 home/features/neovim/default.nix              |  2 +-
 home/features/wayland/hyprland/hyprland.conf  | 12 ++++----
 hosts/nixos/common/optional/services/acme.nix | 20 +++++++++++++
 .../common/optional/services/acme/default.nix | 13 --------
 .../optional/services/acme/secrets.yaml       | 30 -------------------
 .../nixos/common/optional/services/nginx.nix  |  2 +-
 hosts/nixos/common/secrets.yaml               |  6 ++--
 hosts/nixos/lapetus/default.nix               |  1 +
 hosts/nixos/lapetus/services/ddclient.nix     | 27 +++++++++++++++++
 10 files changed, 62 insertions(+), 60 deletions(-)
 create mode 100644 hosts/nixos/common/optional/services/acme.nix
 delete mode 100644 hosts/nixos/common/optional/services/acme/default.nix
 delete mode 100644 hosts/nixos/common/optional/services/acme/secrets.yaml
 create mode 100644 hosts/nixos/lapetus/services/ddclient.nix

diff --git a/.sops.yaml b/.sops.yaml
index 65fc19c..54d4a42 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,18 +7,13 @@ keys:
 creation_rules:
   - path_regex: hosts/nixos/common/secrets.yaml
     key_groups:
-      - age: 
+      - age:
         - *prescientmoon
         - *tethys
         - *lapetus
-  - path_regex: hosts/nixos/common/optional/services/acme/secrets.yaml
-    key_groups:
-      - age: 
-        - *prescientmoon
-        - *lapetus
   - path_regex: hosts/nixos/lapetus/secrets.yaml
     key_groups:
-      - age: 
+      - age:
         - *prescientmoon
         - *lapetus
   - path_regex: home/features/desktop/wakatime/secrets.yaml
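Review bot: Dropping the dedicated rule for `hosts/nixos/common/optional/services/acme/secrets.yaml` widens who can decrypt the Porkbun credentials. The old rule listed only `*prescientmoon` and `*lapetus`, while `hosts/nixos/common/secrets.yaml`, where this commit adds `porkbun_api_key` and `porkbun_secret_api_key`, is also encrypted to `*tethys`. If tethys does not consume these keys, keeping them in a file whose rule names only the consuming hosts (for example `hosts/nixos/lapetus/secrets.yaml`, whose rule is visible in this hunk) preserves the previous scope. If the wider access is intended, a comment above the common rule such as `# also holds the DNS provider API credentials` would make that explicit.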
diff --git a/home/features/neovim/default.nix b/home/features/neovim/default.nix
index a3914d9..63a7160 100644
--- a/home/features/neovim/default.nix
+++ b/home/features/neovim/default.nix
@@ -3,7 +3,7 @@ let
   # Toggles for including tooling related to a given language
   packedTargets = {
     elm = false;
-    latex = false;
+    latex = true;
     lua = true;
     nix = true;
     purescript = false;
diff --git a/home/features/wayland/hyprland/hyprland.conf b/home/features/wayland/hyprland/hyprland.conf
index 0d4c5e3..2b0f7ca 100644
--- a/home/features/wayland/hyprland/hyprland.conf
+++ b/home/features/wayland/hyprland/hyprland.conf
@@ -65,11 +65,11 @@ exec-once = wezterm & firefox & discocss & spotify & obsidian & smosgui
 
 # {{{ Window rules
 # {{{ Automatically move stuff to workspaces
-windowrulev2 = workspace 2 silent, title:^(.*Firefox.*)$ 
-windowrulev2 = workspace 3 silent, title:^(.*(Disc|WebC)ord.*)$ 
-windowrulev2 = workspace 6 silent, title:^(.*Spotify.*)$ 
-windowrulev2 = workspace 7 silent, title:^(.*Obsidian.*)$ 
-windowrulev2 = workspace 8 silent, class:^(org\.wezfurlong\.wezterm\.smos)$ 
+windowrulev2 = workspace 2 silent, title:^(.*Firefox.*)$
+windowrulev2 = workspace 3 silent, title:^(.*(Disc|WebC)ord.*)$
+windowrulev2 = workspace 6 silent, title:^(.*Spotify.*)$
+windowrulev2 = workspace 7 silent, title:^(.*Obsidian.*)$
+windowrulev2 = workspace 8 silent, class:^(org\.wezfurlong\.wezterm\.smos)$
 # }}}
 # {{{ Idleinhibit rules
 # - while firefox is fullscreen
@@ -96,7 +96,7 @@ bind = $mod, L, exec, loginctl lock-session # Lock screen
 bind = $mod, P, exec, anyrun
 bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
 bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
-# bind = $mod, W, exec, /home/adrielus/projects/solar-sandbox/python/form-filler/type.sh
+bind = $mod, W, exec, /home/adrielus/projects/form-filler/type.sh
 
 # Work with the special workspace
 bind = $mod, x, togglespecialworkspace,
diff --git a/hosts/nixos/common/optional/services/acme.nix b/hosts/nixos/common/optional/services/acme.nix
new file mode 100644
index 0000000..2edfc4b
--- /dev/null
+++ b/hosts/nixos/common/optional/services/acme.nix
@@ -0,0 +1,20 @@
+{ config, ... }: {
+  sops.secrets.porkbun_api_key.sopsFile = ../../secrets.yaml;
+  sops.secrets.porkbun_secret_api_key.sopsFile = ../../secrets.yaml;
+
+  sops.templates."acme.env".content = ''
+    PORKBUN_API_KEY=${config.sops.placeholder.porkbun_api_key}
+    PORKBUN_SECRET_API_KEY=${config.sops.placeholder.porkbun_secret_api_key}
+  '';
+
+  security.acme.acceptTerms = true;
+  security.acme.defaults = {
+    email = "acme@moonythm.dev";
+    dnsProvider = "porkbun";
+    environmentFile = config.sops.templates."acme.env".path;
+  };
+
+  environment.persistence."/persist/state".directories = [
+    "/var/lib/acme"
+  ];
+}
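Review bot: The `sops.secrets.porkbun_api_key` and `sops.secrets.porkbun_secret_api_key` declarations at the top of this module are shared state rather than ACME configuration. `hosts/nixos/lapetus/services/ddclient.nix` in this commit imports the whole file, apparently only to get them, and so also inherits `security.acme.acceptTerms` and the ACME defaults. Moving the two declarations into a small module of their own, imported by both files, would keep a DDNS-only host from picking up ACME settings. Failing that, a header comment such as `# Also declares the Porkbun API secrets reused by ddclient.nix` would document the dependency.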
diff --git a/hosts/nixos/common/optional/services/acme/default.nix b/hosts/nixos/common/optional/services/acme/default.nix
deleted file mode 100644
index 83cc036..0000000
--- a/hosts/nixos/common/optional/services/acme/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }: {
-  sops.secrets.porkbun_secrets.sopsFile = ./secrets.yaml;
-  security.acme.acceptTerms = true;
-  security.acme.defaults = {
-    email = "acme@moonythm.dev";
-    dnsProvider = "porkbun";
-    environmentFile = config.sops.secrets.porkbun_secrets.path;
-  };
-
-  environment.persistence."/persist/state".directories = [
-    "/var/lib/acme"
-  ];
-}
diff --git a/hosts/nixos/common/optional/services/acme/secrets.yaml b/hosts/nixos/common/optional/services/acme/secrets.yaml
deleted file mode 100644
index 144d7e3..0000000
--- a/hosts/nixos/common/optional/services/acme/secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-porkbun_secrets: ENC[AES256_GCM,data:aLJsbk/FQ5mPn6fYoWGlmT8nWfAZV4Z0EY0S5t6YXeKjSwieRzAWDoN7X/LQjZfSGzL4QDO8m1CFtfqQJsRXj4GBWe/njy/MuWp32XFMh5TLN/RHNoJ0++y6Jno+IDKQvTeOH0BVcZpe4quJB5aueIc5qSr8aoHIrYnO/zWlRSGDtu2ZSCye6atCdy09CFypwl+6tsvRh9DbU+FwRwT8Z2HaqbwWo5XGHemGWJQYnpSp,iv:RwY6l+GAAxBBN+nr0WoLoXXSkmpn8lP7g2Uoj1GJ8/M=,tag:8FaeUG4V1MTzQadxn/WmqA==,type:str]
-sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
-    age:
-        - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReWRaSHZsdzZlWmg5N1d3
-            UXJmRVdxOHBxS3pqQXVPVGlzY2ZuYlovSUQ4Ckg4NjBpNEtLVkUzUWJzVlF4MkQ2
-            dkNRWHVLUHBnQmsxWmF3SllJdjI4U1kKLS0tIDhiak9pVGc1eS9Ca015WkxscWd5
-            Z20wWWxBTlBuNFRZdUM1QVVMUVFhQzgKi7NscHHhZDkSBgynppWW2vu6wIbGzv5M
-            HmyGhOmbWD1HDlCiu0yY8OFkhyG7pd4Ujw9omlPrwkUAs/wAc6u+5g==
-            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
-          enc: |
-            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjNVdjNaZVFHRkc4Q0xk
-            T2JDTzRvaDdWR1kxT2pQSTdSUWpCZmd0WHpvCmllRXBqenNidUhUV1RrV3JDeWJK
-            WkJwcjdpN1E3ZWdCZGxYQjBDcWRZWGcKLS0tICtlZ00xZENyMWFTeXdaWFRpcEF4
-            NXREQTQxR1pGakVlWEVYS2VCcVhSSzAKXSX8tIxS0mssx4GsAVotn6/pQ8fqPl5j
-            ruC7XQc7DuYUGub/czm5lLodzfjPtSYzWYPC1Xh/7mB14bop60UJYA==
-            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-01-31T19:12:27Z"
-    mac: ENC[AES256_GCM,data:8ezOQ9Fqpf8aXR7VPEqXdOqHVWoD3VVYXY2ISNdWs88LyTyaYfTDLdNf/zJeC4/03hGcNr6lEu6kAbOZI+JP98kqUYG2XFgwcAu+e/Gi/t/BCqmPFd8AdaaNJhtRZc6lvrvONUG809RZ2qwIOmYAfDf/NM9nhTKO5ZVY0Z1Wh3c=,iv:9OaX2OFxxh+uMcza0i5auC3wlzvyBQUZU5uzlcKXE0c=,tag:x0nK2xqpoFy910rDIJ9cBQ==,type:str]
-    pgp: []
-    unencrypted_suffix: _unencrypted
-    version: 3.8.1
diff --git a/hosts/nixos/common/optional/services/nginx.nix b/hosts/nixos/common/optional/services/nginx.nix
index 78fa5ec..3e6b801 100644
--- a/hosts/nixos/common/optional/services/nginx.nix
+++ b/hosts/nixos/common/optional/services/nginx.nix
@@ -1,5 +1,5 @@
 {
-  imports = [ ./acme ];
+  imports = [ ./acme.nix ];
   services.nginx = {
     enable = true;
     recommendedGzipSettings = true;
diff --git a/hosts/nixos/common/secrets.yaml b/hosts/nixos/common/secrets.yaml
index a58eda1..dddc0cc 100644
--- a/hosts/nixos/common/secrets.yaml
+++ b/hosts/nixos/common/secrets.yaml
@@ -1,5 +1,7 @@
 wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
 adrielus_password: ENC[AES256_GCM,data:lREgbcKwzAJQ3PPTWt7LXmgAsrKFCN+baQx4Q2YrHlu16yvKpmaZzPHJ/C5IjucUNbdceTs6Ef99IWzju0d8Hl5Z5UTMspYIhQ==,iv:JqnL3zfCd/xMRqTciA/Q6nYmFKzJkBqda4zucsE5KFw=,tag:RGZ/0/NEpdchj9h/l3Z7Ig==,type:str]
+porkbun_api_key: ENC[AES256_GCM,data:cWUk5+JEnI7dhVskK4Gr2oBJWcbmnsTiuEaXhDupRfDJheI5ySh7rVnvOZn7lJ7toqq6HW0qZ6WZES721Mc90khq1IM=,iv:IaaYv/RrZm+iUmvm5vc1CMX6JBicGh4RV8d4bhX/Xfw=,tag:kRG5tUsKlEAm9pGFP4UuSA==,type:str]
+porkbun_secret_api_key: ENC[AES256_GCM,data:doWMi6+3CNGd0y49jqtzRbzzxlVQR59CFo/1XSLiBx/mjJBL0WLfJEmtY9ZWVfwdmoY8TQuWBgizutexRhdc32OY6TA=,iv:v3z9viXTcI4VvIUB1INGlVaahQty4xt+VPLv9QnGivQ=,tag:cIzSwu1nrvvWmyvBlueGsA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -33,8 +35,8 @@ sops:
             WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
             sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-07T14:49:34Z"
-    mac: ENC[AES256_GCM,data:ZLMz0YRnEdq8jjlKPPrpudD8RVtr+ayfjGP7lXEiNUbHxhDClo/WjVpCd6HKdjy/76TZvb5Jq7+e3GTbBGm7CJjt7gS7b10gKAfqB+DwXrtO5PD9TeZOP0HCK5TwEKGjFDoPadKmQQyeBciLLZmKKmW3rtvL/G+U5ZkoPcedG1I=,iv:s7zaPCcYQFHEyNl99HAw3Ds2SUEhgAO5n4X0gODHMUY=,tag:VhqQnQv1wE7/k5GkzYNN3A==,type:str]
+    lastmodified: "2024-04-07T09:55:54Z"
+    mac: ENC[AES256_GCM,data:I7FNDroWbk612o2lqM837fDivrb17AqJctIrtYM+GTlqtpPH6yUB8QFGt1NLB/btuwAICN+8C8zrnlhp9Hi3SUoXgcS8UFUHZ19a0Nzy8Ae1JYhej5BQq+prl9P9K1sVDUkJPJY9+iHW8NBtLKP74RlC6wnYLYIknVqawFXo+/A=,iv:jG9d0eIsiOYykiuKzwMRV6mtgMPTw/hnwE96oE0TEoA=,tag:gO7kvxnEvEJf4HFC46QMig==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index 416356c..f508e0d 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -19,6 +19,7 @@
     ./services/invidious.nix
     ./services/diptime.nix
     ./services/radicale.nix
+    ./services/ddclient.nix
     ./filesystems
     ./hardware
   ];
diff --git a/hosts/nixos/lapetus/services/ddclient.nix b/hosts/nixos/lapetus/services/ddclient.nix
new file mode 100644
index 0000000..1700110
--- /dev/null
+++ b/hosts/nixos/lapetus/services/ddclient.nix
@@ -0,0 +1,27 @@
+# DDClient is a dynamic dns service
+{ config, ... }:
+{
+  imports = [ ../../common/optional/services/acme.nix ];
+
+  services.ddclient = {
+    enable = true;
+    interval = "1m";
+    configFile = config.sops.templates."ddclient.conf".path;
+  };
+
+  sops.templates."ddclient.conf".content = ''
+    # General settings
+    cache=/var/lib/ddclient # See the nixos module for details
+    foreground=YES
+
+    # Routers
+    use=web, web=checkip.dyndns.com/, web-skip='Current IP Address: '
+
+    # Protocols
+    protocol=porkbun
+    apikey=${config.sops.placeholder.porkbun_api_key}
+    secretapikey=${config.sops.placeholder.porkbun_secret_api_key}
+    real.lapetus.moonythm.dev
+  '';
+}
+
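Review bot: The template never sets `ssl=yes`, so depending on the packaged ddclient's default, the lookup on the `use=web, web=checkip.dyndns.com/` line may go over plain HTTP. Anyone on the path could then substitute the address that gets written to the `real.lapetus.moonythm.dev` record. Adding `ssl=yes` under the general settings, and confirming the chosen endpoint answers over HTTPS, closes that. Separately, `cache=/var/lib/ddclient` looks like the service's state directory rather than a file in it. If so, the cache cannot be written there and every one-minute run may push an update to the Porkbun API, so something like `cache=/var/lib/ddclient/ddclient.cache` is probably intended; please check against the NixOS module the inline comment refers to.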