1
Fork 0

Set up ddclient

This commit is contained in:
prescientmoon 2024-04-07 12:11:57 +02:00
parent ca1b4d37af
commit aa1a468534
Signed by: prescientmoon
SSH key fingerprint: SHA256:UUF9JT2s8Xfyv76b8ZuVL7XrmimH4o49p4b+iexbVH4
10 changed files with 62 additions and 60 deletions

View file

@ -11,11 +11,6 @@ creation_rules:
- *prescientmoon - *prescientmoon
- *tethys - *tethys
- *lapetus - *lapetus
- path_regex: hosts/nixos/common/optional/services/acme/secrets.yaml
key_groups:
- age:
- *prescientmoon
- *lapetus
- path_regex: hosts/nixos/lapetus/secrets.yaml - path_regex: hosts/nixos/lapetus/secrets.yaml
key_groups: key_groups:
- age: - age:

View file

@ -3,7 +3,7 @@ let
# Toggles for including tooling related to a given language # Toggles for including tooling related to a given language
packedTargets = { packedTargets = {
elm = false; elm = false;
latex = false; latex = true;
lua = true; lua = true;
nix = true; nix = true;
purescript = false; purescript = false;

View file

@ -96,7 +96,7 @@ bind = $mod, L, exec, loginctl lock-session # Lock screen
bind = $mod, P, exec, anyrun bind = $mod, P, exec, anyrun
bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
bind = $mod, V, exec, wezterm start vimclip # Vim anywhere! bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
# bind = $mod, W, exec, /home/adrielus/projects/solar-sandbox/python/form-filler/type.sh bind = $mod, W, exec, /home/adrielus/projects/form-filler/type.sh
# Work with the special workspace # Work with the special workspace
bind = $mod, x, togglespecialworkspace, bind = $mod, x, togglespecialworkspace,

View file

@ -0,0 +1,20 @@
{ config, ... }: {
sops.secrets.porkbun_api_key.sopsFile = ../../secrets.yaml;
sops.secrets.porkbun_secret_api_key.sopsFile = ../../secrets.yaml;
sops.templates."acme.env".content = ''
PORKBUN_API_KEY=${config.sops.placeholder.porkbun_api_key}
PORKBUN_SECRET_API_KEY=${config.sops.placeholder.porkbun_secret_api_key}
'';
security.acme.acceptTerms = true;
security.acme.defaults = {
email = "acme@moonythm.dev";
dnsProvider = "porkbun";
environmentFile = config.sops.templates."acme.env".path;
};
environment.persistence."/persist/state".directories = [
"/var/lib/acme"
];
}

View file

@ -1,13 +0,0 @@
{ config, ... }: {
sops.secrets.porkbun_secrets.sopsFile = ./secrets.yaml;
security.acme.acceptTerms = true;
security.acme.defaults = {
email = "acme@moonythm.dev";
dnsProvider = "porkbun";
environmentFile = config.sops.secrets.porkbun_secrets.path;
};
environment.persistence."/persist/state".directories = [
"/var/lib/acme"
];
}

View file

@ -1,30 +0,0 @@
porkbun_secrets: ENC[AES256_GCM,data:aLJsbk/FQ5mPn6fYoWGlmT8nWfAZV4Z0EY0S5t6YXeKjSwieRzAWDoN7X/LQjZfSGzL4QDO8m1CFtfqQJsRXj4GBWe/njy/MuWp32XFMh5TLN/RHNoJ0++y6Jno+IDKQvTeOH0BVcZpe4quJB5aueIc5qSr8aoHIrYnO/zWlRSGDtu2ZSCye6atCdy09CFypwl+6tsvRh9DbU+FwRwT8Z2HaqbwWo5XGHemGWJQYnpSp,iv:RwY6l+GAAxBBN+nr0WoLoXXSkmpn8lP7g2Uoj1GJ8/M=,tag:8FaeUG4V1MTzQadxn/WmqA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReWRaSHZsdzZlWmg5N1d3
UXJmRVdxOHBxS3pqQXVPVGlzY2ZuYlovSUQ4Ckg4NjBpNEtLVkUzUWJzVlF4MkQ2
dkNRWHVLUHBnQmsxWmF3SllJdjI4U1kKLS0tIDhiak9pVGc1eS9Ca015WkxscWd5
Z20wWWxBTlBuNFRZdUM1QVVMUVFhQzgKi7NscHHhZDkSBgynppWW2vu6wIbGzv5M
HmyGhOmbWD1HDlCiu0yY8OFkhyG7pd4Ujw9omlPrwkUAs/wAc6u+5g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjNVdjNaZVFHRkc4Q0xk
T2JDTzRvaDdWR1kxT2pQSTdSUWpCZmd0WHpvCmllRXBqenNidUhUV1RrV3JDeWJK
WkJwcjdpN1E3ZWdCZGxYQjBDcWRZWGcKLS0tICtlZ00xZENyMWFTeXdaWFRpcEF4
NXREQTQxR1pGakVlWEVYS2VCcVhSSzAKXSX8tIxS0mssx4GsAVotn6/pQ8fqPl5j
ruC7XQc7DuYUGub/czm5lLodzfjPtSYzWYPC1Xh/7mB14bop60UJYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-31T19:12:27Z"
mac: ENC[AES256_GCM,data:8ezOQ9Fqpf8aXR7VPEqXdOqHVWoD3VVYXY2ISNdWs88LyTyaYfTDLdNf/zJeC4/03hGcNr6lEu6kAbOZI+JP98kqUYG2XFgwcAu+e/Gi/t/BCqmPFd8AdaaNJhtRZc6lvrvONUG809RZ2qwIOmYAfDf/NM9nhTKO5ZVY0Z1Wh3c=,iv:9OaX2OFxxh+uMcza0i5auC3wlzvyBQUZU5uzlcKXE0c=,tag:x0nK2xqpoFy910rDIJ9cBQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -1,5 +1,5 @@
{ {
imports = [ ./acme ]; imports = [ ./acme.nix ];
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;

View file

@ -1,5 +1,7 @@
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str] wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
adrielus_password: ENC[AES256_GCM,data:lREgbcKwzAJQ3PPTWt7LXmgAsrKFCN+baQx4Q2YrHlu16yvKpmaZzPHJ/C5IjucUNbdceTs6Ef99IWzju0d8Hl5Z5UTMspYIhQ==,iv:JqnL3zfCd/xMRqTciA/Q6nYmFKzJkBqda4zucsE5KFw=,tag:RGZ/0/NEpdchj9h/l3Z7Ig==,type:str] adrielus_password: ENC[AES256_GCM,data:lREgbcKwzAJQ3PPTWt7LXmgAsrKFCN+baQx4Q2YrHlu16yvKpmaZzPHJ/C5IjucUNbdceTs6Ef99IWzju0d8Hl5Z5UTMspYIhQ==,iv:JqnL3zfCd/xMRqTciA/Q6nYmFKzJkBqda4zucsE5KFw=,tag:RGZ/0/NEpdchj9h/l3Z7Ig==,type:str]
porkbun_api_key: ENC[AES256_GCM,data:cWUk5+JEnI7dhVskK4Gr2oBJWcbmnsTiuEaXhDupRfDJheI5ySh7rVnvOZn7lJ7toqq6HW0qZ6WZES721Mc90khq1IM=,iv:IaaYv/RrZm+iUmvm5vc1CMX6JBicGh4RV8d4bhX/Xfw=,tag:kRG5tUsKlEAm9pGFP4UuSA==,type:str]
porkbun_secret_api_key: ENC[AES256_GCM,data:doWMi6+3CNGd0y49jqtzRbzzxlVQR59CFo/1XSLiBx/mjJBL0WLfJEmtY9ZWVfwdmoY8TQuWBgizutexRhdc32OY6TA=,iv:v3z9viXTcI4VvIUB1INGlVaahQty4xt+VPLv9QnGivQ=,tag:cIzSwu1nrvvWmyvBlueGsA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +35,8 @@ sops:
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ== sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-07T14:49:34Z" lastmodified: "2024-04-07T09:55:54Z"
mac: ENC[AES256_GCM,data:ZLMz0YRnEdq8jjlKPPrpudD8RVtr+ayfjGP7lXEiNUbHxhDClo/WjVpCd6HKdjy/76TZvb5Jq7+e3GTbBGm7CJjt7gS7b10gKAfqB+DwXrtO5PD9TeZOP0HCK5TwEKGjFDoPadKmQQyeBciLLZmKKmW3rtvL/G+U5ZkoPcedG1I=,iv:s7zaPCcYQFHEyNl99HAw3Ds2SUEhgAO5n4X0gODHMUY=,tag:VhqQnQv1wE7/k5GkzYNN3A==,type:str] mac: ENC[AES256_GCM,data:I7FNDroWbk612o2lqM837fDivrb17AqJctIrtYM+GTlqtpPH6yUB8QFGt1NLB/btuwAICN+8C8zrnlhp9Hi3SUoXgcS8UFUHZ19a0Nzy8Ae1JYhej5BQq+prl9P9K1sVDUkJPJY9+iHW8NBtLKP74RlC6wnYLYIknVqawFXo+/A=,iv:jG9d0eIsiOYykiuKzwMRV6mtgMPTw/hnwE96oE0TEoA=,tag:gO7kvxnEvEJf4HFC46QMig==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

View file

@ -19,6 +19,7 @@
./services/invidious.nix ./services/invidious.nix
./services/diptime.nix ./services/diptime.nix
./services/radicale.nix ./services/radicale.nix
./services/ddclient.nix
./filesystems ./filesystems
./hardware ./hardware
]; ];

View file

@ -0,0 +1,27 @@
# DDClient is a dynamic dns service
{ config, ... }:
{
imports = [ ../../common/optional/services/acme.nix ];
services.ddclient = {
enable = true;
interval = "1m";
configFile = config.sops.templates."ddclient.conf".path;
};
sops.templates."ddclient.conf".content = ''
# General settings
cache=/var/lib/ddclient # See the nixos module for details
foreground=YES
# Routers
use=web, web=checkip.dyndns.com/, web-skip='Current IP Address: '
# Protocols
protocol=porkbun
apikey=${config.sops.placeholder.porkbun_api_key}
secretapikey=${config.sops.placeholder.porkbun_secret_api_key}
real.lapetus.moonythm.dev
'';
}