Set up ddclient
This commit is contained in:
parent
ca1b4d37af
commit
aa1a468534
|
@ -11,11 +11,6 @@ creation_rules:
|
||||||
- *prescientmoon
|
- *prescientmoon
|
||||||
- *tethys
|
- *tethys
|
||||||
- *lapetus
|
- *lapetus
|
||||||
- path_regex: hosts/nixos/common/optional/services/acme/secrets.yaml
|
|
||||||
key_groups:
|
|
||||||
- age:
|
|
||||||
- *prescientmoon
|
|
||||||
- *lapetus
|
|
||||||
- path_regex: hosts/nixos/lapetus/secrets.yaml
|
- path_regex: hosts/nixos/lapetus/secrets.yaml
|
||||||
key_groups:
|
key_groups:
|
||||||
- age:
|
- age:
|
||||||
|
|
|
@ -3,7 +3,7 @@ let
|
||||||
# Toggles for including tooling related to a given language
|
# Toggles for including tooling related to a given language
|
||||||
packedTargets = {
|
packedTargets = {
|
||||||
elm = false;
|
elm = false;
|
||||||
latex = false;
|
latex = true;
|
||||||
lua = true;
|
lua = true;
|
||||||
nix = true;
|
nix = true;
|
||||||
purescript = false;
|
purescript = false;
|
||||||
|
|
|
@ -96,7 +96,7 @@ bind = $mod, L, exec, loginctl lock-session # Lock screen
|
||||||
bind = $mod, P, exec, anyrun
|
bind = $mod, P, exec, anyrun
|
||||||
bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
|
bind = $mod, B, exec, wlsunset-toggle # Toggle blue light filter thingy
|
||||||
bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
|
bind = $mod, V, exec, wezterm start vimclip # Vim anywhere!
|
||||||
# bind = $mod, W, exec, /home/adrielus/projects/solar-sandbox/python/form-filler/type.sh
|
bind = $mod, W, exec, /home/adrielus/projects/form-filler/type.sh
|
||||||
|
|
||||||
# Work with the special workspace
|
# Work with the special workspace
|
||||||
bind = $mod, x, togglespecialworkspace,
|
bind = $mod, x, togglespecialworkspace,
|
||||||
|
|
20
hosts/nixos/common/optional/services/acme.nix
Normal file
20
hosts/nixos/common/optional/services/acme.nix
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{ config, ... }: {
|
||||||
|
sops.secrets.porkbun_api_key.sopsFile = ../../secrets.yaml;
|
||||||
|
sops.secrets.porkbun_secret_api_key.sopsFile = ../../secrets.yaml;
|
||||||
|
|
||||||
|
sops.templates."acme.env".content = ''
|
||||||
|
PORKBUN_API_KEY=${config.sops.placeholder.porkbun_api_key}
|
||||||
|
PORKBUN_SECRET_API_KEY=${config.sops.placeholder.porkbun_secret_api_key}
|
||||||
|
'';
|
||||||
|
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.defaults = {
|
||||||
|
email = "acme@moonythm.dev";
|
||||||
|
dnsProvider = "porkbun";
|
||||||
|
environmentFile = config.sops.templates."acme.env".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.persistence."/persist/state".directories = [
|
||||||
|
"/var/lib/acme"
|
||||||
|
];
|
||||||
|
}
|
|
@ -1,13 +0,0 @@
|
||||||
{ config, ... }: {
|
|
||||||
sops.secrets.porkbun_secrets.sopsFile = ./secrets.yaml;
|
|
||||||
security.acme.acceptTerms = true;
|
|
||||||
security.acme.defaults = {
|
|
||||||
email = "acme@moonythm.dev";
|
|
||||||
dnsProvider = "porkbun";
|
|
||||||
environmentFile = config.sops.secrets.porkbun_secrets.path;
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.persistence."/persist/state".directories = [
|
|
||||||
"/var/lib/acme"
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,30 +0,0 @@
|
||||||
porkbun_secrets: ENC[AES256_GCM,data:aLJsbk/FQ5mPn6fYoWGlmT8nWfAZV4Z0EY0S5t6YXeKjSwieRzAWDoN7X/LQjZfSGzL4QDO8m1CFtfqQJsRXj4GBWe/njy/MuWp32XFMh5TLN/RHNoJ0++y6Jno+IDKQvTeOH0BVcZpe4quJB5aueIc5qSr8aoHIrYnO/zWlRSGDtu2ZSCye6atCdy09CFypwl+6tsvRh9DbU+FwRwT8Z2HaqbwWo5XGHemGWJQYnpSp,iv:RwY6l+GAAxBBN+nr0WoLoXXSkmpn8lP7g2Uoj1GJ8/M=,tag:8FaeUG4V1MTzQadxn/WmqA==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age14mga4r0xa82a2uus3wq5q7rqnvflms3jmhknz4f3hsda8wttk9gsv2k9fs
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBReWRaSHZsdzZlWmg5N1d3
|
|
||||||
UXJmRVdxOHBxS3pqQXVPVGlzY2ZuYlovSUQ4Ckg4NjBpNEtLVkUzUWJzVlF4MkQ2
|
|
||||||
dkNRWHVLUHBnQmsxWmF3SllJdjI4U1kKLS0tIDhiak9pVGc1eS9Ca015WkxscWd5
|
|
||||||
Z20wWWxBTlBuNFRZdUM1QVVMUVFhQzgKi7NscHHhZDkSBgynppWW2vu6wIbGzv5M
|
|
||||||
HmyGhOmbWD1HDlCiu0yY8OFkhyG7pd4Ujw9omlPrwkUAs/wAc6u+5g==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1jem6jfkmfq54wzhqqhrnf786jsn5dmx82ewtt4vducac8m2fyukskun2p4
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZSjNVdjNaZVFHRkc4Q0xk
|
|
||||||
T2JDTzRvaDdWR1kxT2pQSTdSUWpCZmd0WHpvCmllRXBqenNidUhUV1RrV3JDeWJK
|
|
||||||
WkJwcjdpN1E3ZWdCZGxYQjBDcWRZWGcKLS0tICtlZ00xZENyMWFTeXdaWFRpcEF4
|
|
||||||
NXREQTQxR1pGakVlWEVYS2VCcVhSSzAKXSX8tIxS0mssx4GsAVotn6/pQ8fqPl5j
|
|
||||||
ruC7XQc7DuYUGub/czm5lLodzfjPtSYzWYPC1Xh/7mB14bop60UJYA==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-01-31T19:12:27Z"
|
|
||||||
mac: ENC[AES256_GCM,data:8ezOQ9Fqpf8aXR7VPEqXdOqHVWoD3VVYXY2ISNdWs88LyTyaYfTDLdNf/zJeC4/03hGcNr6lEu6kAbOZI+JP98kqUYG2XFgwcAu+e/Gi/t/BCqmPFd8AdaaNJhtRZc6lvrvONUG809RZ2qwIOmYAfDf/NM9nhTKO5ZVY0Z1Wh3c=,iv:9OaX2OFxxh+uMcza0i5auC3wlzvyBQUZU5uzlcKXE0c=,tag:x0nK2xqpoFy910rDIJ9cBQ==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.8.1
|
|
|
@ -1,5 +1,5 @@
|
||||||
{
|
{
|
||||||
imports = [ ./acme ];
|
imports = [ ./acme.nix ];
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
|
|
|
@ -1,5 +1,7 @@
|
||||||
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
|
wireless: ENC[AES256_GCM,data:Ib0PdBd2r/DPyE6Ah9NffT8Tw8c2y+seGFrE0e9GkyRaStdYMiiIlWCiaBO0u1HHaVV+2MQ33MnMdqyCGRlqGk45kl0GIwVR5iAiSYnobj/6wcse+kx/+5mzNOHXD1kJRGJBm5+SN9ntiGABNkQXJdn/Qoc/ukY1uaGe2nBeFKmGdD9JL7KfgdI5jYjQYyDbCL9JUszxkXNcplIRBAAy8JDaBVeo9HgI0QDIZToPKwuEeQoA9XzdimrjbCazlZy3ZvjAuoQXmrc1nIRHF5GabSRGTFTnTfcBeW2fGpUxmIhLyucn2DIQBXLm+RDdMLWoqcGbKiLVqKyUXck3ZZyoHMf2b9N52xMUwcS7,iv:ozkDwWmurWTD8TZHGvWL9Yh8cOrP1PzSBkz+1bBZybo=,tag:iGPjRaOoGRcOWJMweTL2yA==,type:str]
|
||||||
adrielus_password: ENC[AES256_GCM,data:lREgbcKwzAJQ3PPTWt7LXmgAsrKFCN+baQx4Q2YrHlu16yvKpmaZzPHJ/C5IjucUNbdceTs6Ef99IWzju0d8Hl5Z5UTMspYIhQ==,iv:JqnL3zfCd/xMRqTciA/Q6nYmFKzJkBqda4zucsE5KFw=,tag:RGZ/0/NEpdchj9h/l3Z7Ig==,type:str]
|
adrielus_password: ENC[AES256_GCM,data:lREgbcKwzAJQ3PPTWt7LXmgAsrKFCN+baQx4Q2YrHlu16yvKpmaZzPHJ/C5IjucUNbdceTs6Ef99IWzju0d8Hl5Z5UTMspYIhQ==,iv:JqnL3zfCd/xMRqTciA/Q6nYmFKzJkBqda4zucsE5KFw=,tag:RGZ/0/NEpdchj9h/l3Z7Ig==,type:str]
|
||||||
|
porkbun_api_key: ENC[AES256_GCM,data:cWUk5+JEnI7dhVskK4Gr2oBJWcbmnsTiuEaXhDupRfDJheI5ySh7rVnvOZn7lJ7toqq6HW0qZ6WZES721Mc90khq1IM=,iv:IaaYv/RrZm+iUmvm5vc1CMX6JBicGh4RV8d4bhX/Xfw=,tag:kRG5tUsKlEAm9pGFP4UuSA==,type:str]
|
||||||
|
porkbun_secret_api_key: ENC[AES256_GCM,data:doWMi6+3CNGd0y49jqtzRbzzxlVQR59CFo/1XSLiBx/mjJBL0WLfJEmtY9ZWVfwdmoY8TQuWBgizutexRhdc32OY6TA=,iv:v3z9viXTcI4VvIUB1INGlVaahQty4xt+VPLv9QnGivQ=,tag:cIzSwu1nrvvWmyvBlueGsA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -33,8 +35,8 @@ sops:
|
||||||
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
|
WFd4ZFNHWG5Cakw5cU9MRE9HWHQ4THMKr/S7v1Oj3zQziMtI/NuFVm6AaJF5JV5U
|
||||||
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
|
sEr2nEptYFz4G6YL5psQGXHaKzQKBg+crgKRbYL4akhqT7pfYPC0bQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-02-07T14:49:34Z"
|
lastmodified: "2024-04-07T09:55:54Z"
|
||||||
mac: ENC[AES256_GCM,data:ZLMz0YRnEdq8jjlKPPrpudD8RVtr+ayfjGP7lXEiNUbHxhDClo/WjVpCd6HKdjy/76TZvb5Jq7+e3GTbBGm7CJjt7gS7b10gKAfqB+DwXrtO5PD9TeZOP0HCK5TwEKGjFDoPadKmQQyeBciLLZmKKmW3rtvL/G+U5ZkoPcedG1I=,iv:s7zaPCcYQFHEyNl99HAw3Ds2SUEhgAO5n4X0gODHMUY=,tag:VhqQnQv1wE7/k5GkzYNN3A==,type:str]
|
mac: ENC[AES256_GCM,data:I7FNDroWbk612o2lqM837fDivrb17AqJctIrtYM+GTlqtpPH6yUB8QFGt1NLB/btuwAICN+8C8zrnlhp9Hi3SUoXgcS8UFUHZ19a0Nzy8Ae1JYhej5BQq+prl9P9K1sVDUkJPJY9+iHW8NBtLKP74RlC6wnYLYIknVqawFXo+/A=,iv:jG9d0eIsiOYykiuKzwMRV6mtgMPTw/hnwE96oE0TEoA=,tag:gO7kvxnEvEJf4HFC46QMig==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
|
@ -19,6 +19,7 @@
|
||||||
./services/invidious.nix
|
./services/invidious.nix
|
||||||
./services/diptime.nix
|
./services/diptime.nix
|
||||||
./services/radicale.nix
|
./services/radicale.nix
|
||||||
|
./services/ddclient.nix
|
||||||
./filesystems
|
./filesystems
|
||||||
./hardware
|
./hardware
|
||||||
];
|
];
|
||||||
|
|
27
hosts/nixos/lapetus/services/ddclient.nix
Normal file
27
hosts/nixos/lapetus/services/ddclient.nix
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
# DDClient is a dynamic dns service
|
||||||
|
{ config, ... }:
|
||||||
|
{
|
||||||
|
imports = [ ../../common/optional/services/acme.nix ];
|
||||||
|
|
||||||
|
services.ddclient = {
|
||||||
|
enable = true;
|
||||||
|
interval = "1m";
|
||||||
|
configFile = config.sops.templates."ddclient.conf".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops.templates."ddclient.conf".content = ''
|
||||||
|
# General settings
|
||||||
|
cache=/var/lib/ddclient # See the nixos module for details
|
||||||
|
foreground=YES
|
||||||
|
|
||||||
|
# Routers
|
||||||
|
use=web, web=checkip.dyndns.com/, web-skip='Current IP Address: '
|
||||||
|
|
||||||
|
# Protocols
|
||||||
|
protocol=porkbun
|
||||||
|
apikey=${config.sops.placeholder.porkbun_api_key}
|
||||||
|
secretapikey=${config.sops.placeholder.porkbun_secret_api_key}
|
||||||
|
real.lapetus.moonythm.dev
|
||||||
|
'';
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in a new issue