From aa1a46853492a44cbd18546d593e5a9550762e85 Mon Sep 17 00:00:00 2001
From: prescientmoon <git@moonythm.dev>
Date: Sun, 7 Apr 2024 12:11:57 +0200
Subject: [PATCH] Set up ddclient
---
.sops.yaml | 9 ++----
home/features/neovim/default.nix | 2 +-
home/features/wayland/hyprland/hyprland.conf | 12 ++++----
hosts/nixos/common/optional/services/acme.nix | 20 +++++++++++++
.../common/optional/services/acme/default.nix | 13 --------
.../optional/services/acme/secrets.yaml | 30 -------------------
.../nixos/common/optional/services/nginx.nix | 2 +-
hosts/nixos/common/secrets.yaml | 6 ++--
hosts/nixos/lapetus/default.nix | 1 +
hosts/nixos/lapetus/services/ddclient.nix | 27 +++++++++++++++++
10 files changed, 62 insertions(+), 60 deletions(-)
create mode 100644 hosts/nixos/common/optional/services/acme.nix
delete mode 100644 hosts/nixos/common/optional/services/acme/default.nix
delete mode 100644 hosts/nixos/common/optional/services/acme/secrets.yaml
create mode 100644 hosts/nixos/lapetus/services/ddclient.nix
diff --git a/.sops.yaml b/.sops.yaml
index 65fc19c..54d4a42 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -7,18 +7,13 @@ keys:
creation_rules:
- path_regex: hosts/nixos/common/secrets.yaml
key_groups:
- - age:
+ - age:
- *prescientmoon
- *tethys
- *lapetus
- - path_regex: hosts/nixos/common/optional/services/acme/secrets.yaml
- key_groups:
- - age:
- - *prescientmoon
- - *lapetus
- path_regex: hosts/nixos/lapetus/secrets.yaml
key_groups:
- - age:
+ - age:
- *prescientmoon
- *lapetus
- path_regex: home/features/desktop/wakatime/secrets.yaml
diff --git a/home/features/neovim/default.nix b/home/features/neovim/default.nix
index a3914d9..63a7160 100644
--- a/home/features/neovim/default.nix
+++ b/home/features/neovim/default.nix
@@ -3,7 +3,7 @@ let
# Toggles for including tooling related to a given language
packedTargets = {
elm = false;
- latex = false;
+ latex = true;
lua = true;
nix = true;
purescript = false;
diff --git a/home/features/wayland/hyprland/hyprland.conf b/home/features/wayland/hyprland/hyprland.conf
index 0d4c5e3..2b0f7ca 100644
--- a/home/features/wayland/hyprland/hyprland.conf
+++ b/home/features/wayland/hyprland/hyprland.conf
@@ -65,11 +65,11 @@ exec-once = wezterm & firefox & discocss & spotify & obsidian & smosgui
# {{{ Window rules
# {{{ Automatically move stuff to workspaces
-windowrulev2 = workspace 2 silent, title:^(.*Firefox.*)$
-windowrulev2 = workspace 3 silent, title:^(.*(Disc|WebC)ord.*)$
-windowrulev2 = workspace 6 silent, title:^(.*Spotify.*)$
-windowrulev2 = workspace 7 silent, title:^(.*Obsidian.*)$
-windowrulev2 = workspace 8 silent, class:^(org\.wezfurlong\.wezterm\.smos)$
+windowrulev2 = workspace 2 silent, title:^(.*Firefox.*)$
+windowrulev2 = workspace 3 silent, title:^(.*(Disc|WebC)ord.*)$
+windowrulev2 = workspace 6 silent, title:^(.*Spotify.*)$
+windowrulev2 = workspace 7 silent, title:^(.*Obsidian.*)$
+windowrulev2 = workspace 8 silent, class:^(org\.wezfurlong\.wezterm\.smos)$
# }}}
# {{{ Idleinhibit rules
# - while firefox is fullscreen
@@ -96,7 +96,7 @@ bind = $mod, L, exec, loginctl lock-session # Lock screen
bind = $mod, P, exec, anyrun
bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
-# bind = $mod, W, exec, /home/adrielus/projects/solar-sandbox/python/form-filler/type.sh
+bind = $mod, W, exec, /home/adrielus/projects/form-filler/type.sh
# Work with the special workspace
bind = $mod, x, togglespecialworkspace,
diff --git a/hosts/nixos/common/optional/services/acme.nix b/hosts/nixos/common/optional/services/acme.nix
new file mode 100644
index 0000000..2edfc4b
--- /dev/null
+++ b/hosts/nixos/common/optional/services/acme.nix
@@ -0,0 +1,20 @@
+{ config, ... }: {
+ sops.secrets.porkbun_api_key.sopsFile = ../../secrets.yaml;
+ sops.secrets.porkbun_secret_api_key.sopsFile = ../../secrets.yaml;
+
+ sops.templates."acme.env".content = ''
+ PORKBUN_API_KEY=${config.sops.placeholder.porkbun_api_key}
+ PORKBUN_SECRET_API_KEY=${config.sops.placeholder.porkbun_secret_api_key}
+ '';
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults = {
+ email = "acme@moonythm.dev";
+ dnsProvider = "porkbun";
+ environmentFile = config.sops.templates."acme.env".path;
+ };
+
+ environment.persistence."/persist/state".directories = [
+ "/var/lib/acme"
+ ];
+}
diff --git a/hosts/nixos/common/optional/services/acme/default.nix b/hosts/nixos/common/optional/services/acme/default.nix
deleted file mode 100644
index 83cc036..0000000
--- a/hosts/nixos/common/optional/services/acme/default.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, ... }: {
- sops.secrets.porkbun_secrets.sopsFile = ./secrets.yaml;
- security.acme.acceptTerms = true;
- security.acme.defaults = {
- email = "acme@moonythm.dev";
- dnsProvider = "porkbun";
- environmentFile = config.sops.secrets.porkbun_secrets.path;
- };
-
- environment.persistence."/persist/state".directories = [
- "/var/lib/acme"
- ];
-}
diff --git a/hosts/nixos/common/optional/services/acme/secrets.yaml b/hosts/nixos/common/optional/services/acme/secrets.yaml
deleted file mode 100644
index 144d7e3..0000000
--- a/hosts/nixos/common/optional/services/acme/secrets.yaml
+++ /dev/null
@@ -1,30 +0,0 @@
-porkbun_secrets: ENC[AES256_GCM,data:aLJsbk/FQ5mPn6fYoWGlmT8nWfAZV4Z0EY0S5t6YXeKjSwieRzAWDoN7X/LQjZfSGzL4QDO8m1CFtfqQJsRXj4GBWe/njy/MuWp32XFMh5TLN/RHNoJ0++y6Jno+IDKQvTeOH0BVcZpe4quJB5aueIc5qSr8aoHIrYnO/zWlRSGDtu2ZSCye6atCdy09CFypwl+6tsvRh9DbU+FwRwT8Z2HaqbwWo5XGHemGWJQYnpSp,iv:RwY6l+GAAxBBN+nr0WoLoXXSkmpn8lP7g2Uoj1GJ8/M=,tag:8FaeUG4V1MTzQadxn/WmqA==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- age:
- - recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReWRaSHZsdzZlWmg5N1d3
- UXJmRVdxOHBxS3pqQXVPVGlzY2ZuYlovSUQ4Ckg4NjBpNEtLVkUzUWJzVlF4MkQ2
- dkNRWHVLUHBnQmsxWmF3SllJdjI4U1kKLS0tIDhiak9pVGc1eS9Ca015WkxscWd5
- Z20wWWxBTlBuNFRZdUM1QVVMUVFhQzgKi7NscHHhZDkSBgynppWW2vu6wIbGzv5M
- HmyGhOmbWD1HDlCiu0yY8OFkhyG7pd4Ujw9omlPrwkUAs/wAc6u+5g==
- -----END AGE ENCRYPTED FILE-----
- - recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
- enc: |
- -----BEGIN AGE ENCRYPTED FILE-----
- YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjNVdjNaZVFHRkc4Q0xk
- T2JDTzRvaDdWR1kxT2pQSTdSUWpCZmd0WHpvCmllRXBqenNidUhUV1RrV3JDeWJK
- WkJwcjdpN1E3ZWdCZGxYQjBDcWRZWGcKLS0tICtlZ00xZENyMWFTeXdaWFRpcEF4
- NXREQTQxR1pGakVlWEVYS2VCcVhSSzAKXSX8tIxS0mssx4GsAVotn6/pQ8fqPl5j
- ruC7XQc7DuYUGub/czm5lLodzfjPtSYzWYPC1Xh/7mB14bop60UJYA==
- -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-01-31T19:12:27Z"
- mac: ENC[AES256_GCM,data:8ezOQ9Fqpf8aXR7VPEqXdOqHVWoD3VVYXY2ISNdWs88LyTyaYfTDLdNf/zJeC4/03hGcNr6lEu6kAbOZI+JP98kqUYG2XFgwcAu+e/Gi/t/BCqmPFd8AdaaNJhtRZc6lvrvONUG809RZ2qwIOmYAfDf/NM9nhTKO5ZVY0Z1Wh3c=,iv:9OaX2OFxxh+uMcza0i5auC3wlzvyBQUZU5uzlcKXE0c=,tag:x0nK2xqpoFy910rDIJ9cBQ==,type:str]
- pgp: []
- unencrypted_suffix: _unencrypted
- version: 3.8.1
diff --git a/hosts/nixos/common/optional/services/nginx.nix b/hosts/nixos/common/optional/services/nginx.nix
index 78fa5ec..3e6b801 100644
--- a/hosts/nixos/common/optional/services/nginx.nix
+++ b/hosts/nixos/common/optional/services/nginx.nix
@@ -1,5 +1,5 @@
{
- imports = [ ./acme ];
+ imports = [ ./acme.nix ];
services.nginx = {
enable = true;
recommendedGzipSettings = true;
diff --git a/hosts/nixos/common/secrets.yaml b/hosts/nixos/common/secrets.yaml
index a58eda1..dddc0cc 100644
--- a/hosts/nixos/common/secrets.yaml
+++ b/hosts/nixos/common/secrets.yaml
@@ -1,5 +1,7 @@
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
adrielus_password: ENC[AES256_GCM,data:lREgbcKwzAJQ3PPTWt7LXmgAsrKFCN+baQx4Q2YrHlu16yvKpmaZzPHJ/C5IjucUNbdceTs6Ef99IWzju0d8Hl5Z5UTMspYIhQ==,iv:JqnL3zfCd/xMRqTciA/Q6nYmFKzJkBqda4zucsE5KFw=,tag:RGZ/0/NEpdchj9h/l3Z7Ig==,type:str]
+porkbun_api_key: ENC[AES256_GCM,data:cWUk5+JEnI7dhVskK4Gr2oBJWcbmnsTiuEaXhDupRfDJheI5ySh7rVnvOZn7lJ7toqq6HW0qZ6WZES721Mc90khq1IM=,iv:IaaYv/RrZm+iUmvm5vc1CMX6JBicGh4RV8d4bhX/Xfw=,tag:kRG5tUsKlEAm9pGFP4UuSA==,type:str]
+porkbun_secret_api_key: ENC[AES256_GCM,data:doWMi6+3CNGd0y49jqtzRbzzxlVQR59CFo/1XSLiBx/mjJBL0WLfJEmtY9ZWVfwdmoY8TQuWBgizutexRhdc32OY6TA=,iv:v3z9viXTcI4VvIUB1INGlVaahQty4xt+VPLv9QnGivQ=,tag:cIzSwu1nrvvWmyvBlueGsA==,type:str]
sops:
kms: []
gcp_kms: []
@@ -33,8 +35,8 @@ sops:
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-02-07T14:49:34Z"
- mac: ENC[AES256_GCM,data:ZLMz0YRnEdq8jjlKPPrpudD8RVtr+ayfjGP7lXEiNUbHxhDClo/WjVpCd6HKdjy/76TZvb5Jq7+e3GTbBGm7CJjt7gS7b10gKAfqB+DwXrtO5PD9TeZOP0HCK5TwEKGjFDoPadKmQQyeBciLLZmKKmW3rtvL/G+U5ZkoPcedG1I=,iv:s7zaPCcYQFHEyNl99HAw3Ds2SUEhgAO5n4X0gODHMUY=,tag:VhqQnQv1wE7/k5GkzYNN3A==,type:str]
+ lastmodified: "2024-04-07T09:55:54Z"
+ mac: ENC[AES256_GCM,data:I7FNDroWbk612o2lqM837fDivrb17AqJctIrtYM+GTlqtpPH6yUB8QFGt1NLB/btuwAICN+8C8zrnlhp9Hi3SUoXgcS8UFUHZ19a0Nzy8Ae1JYhej5BQq+prl9P9K1sVDUkJPJY9+iHW8NBtLKP74RlC6wnYLYIknVqawFXo+/A=,iv:jG9d0eIsiOYykiuKzwMRV6mtgMPTw/hnwE96oE0TEoA=,tag:gO7kvxnEvEJf4HFC46QMig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
diff --git a/hosts/nixos/lapetus/default.nix b/hosts/nixos/lapetus/default.nix
index 416356c..f508e0d 100644
--- a/hosts/nixos/lapetus/default.nix
+++ b/hosts/nixos/lapetus/default.nix
@@ -19,6 +19,7 @@
./services/invidious.nix
./services/diptime.nix
./services/radicale.nix
+ ./services/ddclient.nix
./filesystems
./hardware
];
diff --git a/hosts/nixos/lapetus/services/ddclient.nix b/hosts/nixos/lapetus/services/ddclient.nix
new file mode 100644
index 0000000..1700110
--- /dev/null
+++ b/hosts/nixos/lapetus/services/ddclient.nix
@@ -0,0 +1,27 @@
+# DDClient is a dynamic dns service
+{ config, ... }:
+{
+ imports = [ ../../common/optional/services/acme.nix ];
+
+ services.ddclient = {
+ enable = true;
+ interval = "1m";
+ configFile = config.sops.templates."ddclient.conf".path;
+ };
+
+ sops.templates."ddclient.conf".content = ''
+ # General settings
+ cache=/var/lib/ddclient # See the nixos module for details
+ foreground=YES
+
+ # Routers
+ use=web, web=checkip.dyndns.com/, web-skip='Current IP Address: '
+
+ # Protocols
+ protocol=porkbun
+ apikey=${config.sops.placeholder.porkbun_api_key}
+ secretapikey=${config.sops.placeholder.porkbun_secret_api_key}
+ real.lapetus.moonythm.dev
+ '';
+}
+