From 8169f7c6b23a84f301a5675540ce5c7b9a37b44c Mon Sep 17 00:00:00 2001
From: colin <colin@uninsane.org>
Date: Mon, 19 Dec 2022 08:24:11 +0000
Subject: [PATCH] ddns-trust-dns: use ddns from router rather than ipinfo.io

---
 hosts/servo/services/trust-dns.nix |  6 ++----
 pkgs/sane-scripts/default.nix      | 13 +++++++++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/hosts/servo/services/trust-dns.nix b/hosts/servo/services/trust-dns.nix
index d9688c98..825b8d1a 100644
--- a/hosts/servo/services/trust-dns.nix
+++ b/hosts/servo/services/trust-dns.nix
@@ -58,8 +58,8 @@
     )];
     serviceConfig.Type = "oneshot";
     script = let
+      check-ip = "${pkgs.sane-scripts}/bin/sane-ip-check-router-wan";
       sed = "${pkgs.gnused}/bin/sed";
-      curl = "${pkgs.curl}/bin/curl -4";
       zone-dir = "/var/lib/trust-dns";
       zone-out = "${zone-dir}/native.uninsane.org.zone";
       diff = "${pkgs.diffutils}/bin/diff";
@@ -72,10 +72,8 @@
     in ''
       set -ex
       mkdir -p ${zone-dir}
-      ip=$(${curl} https://ipinfo.io/ip)
+      ip=$(${check-ip})
 
-      # TODO: validate that this is really our IP!
-      # - i could host a service in ovpns which replies to pings
       ${sed} s/%NATIVE%/$ip/ ${zone-template} > ${zone-out}.new
 
       # see if anything changed
diff --git a/pkgs/sane-scripts/default.nix b/pkgs/sane-scripts/default.nix
index de70a519..c9c9a5d5 100644
--- a/pkgs/sane-scripts/default.nix
+++ b/pkgs/sane-scripts/default.nix
@@ -22,7 +22,7 @@ resholve.mkDerivation {
         # this lets our scripts reference eachother.
         # see: <https://github.com/abathur/resholve/issues/26>
         "bin"
-        coreutils
+        coreutils-full
         curl
         duplicity
         file
@@ -57,10 +57,18 @@ resholve.mkDerivation {
       fake = {
         external = [
           # https://github.com/abathur/resholve/issues/29
-          "umount"
+          # "umount"
+          # "/run/wrappers/bin/sudo"
           "sudo"
         ];
       };
+      fix = {
+        # this replaces umount with the non-setuid-wrapper umount.
+        # not sure if/where that lack of suid causes problems.
+        umount = true;
+      };
+      # prologue is broken; see <https://github.com/abathur/resholve/issues/89>
+      # prologue = "bin/prologue";
 
       # list of programs which *can* or *cannot* exec their arguments
       execer = with pkgs; [
@@ -82,6 +90,7 @@ resholve.mkDerivation {
   installPhase = ''
     mkdir -p "$out/bin"
     cp -R * "$out"/bin/
+    sed -i '3iPATH=$PATH:/run/wrappers/bin' $out/bin/*;
   '';
 
   meta = {