port ddns-he to sops secret
This commit is contained in:
parent
364f76b59e
commit
bc9450a0fa
|
@ -1,20 +1,29 @@
|
|||
{ pkgs, secrets, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
systemd.services.ddns-he = {
|
||||
description = "update dynamic DNS entries for HurricaneElectric";
|
||||
serviceConfig = {
|
||||
EnvironmentFile = config.sops.secrets.ddns_he.path;
|
||||
# TODO: ProtectSystem = "strict";
|
||||
# TODO: ProtectHome = "full";
|
||||
# TODO: PrivateTmp = true;
|
||||
};
|
||||
# HE DDNS API is documented: https://dns.he.net/docs.html
|
||||
script = let
|
||||
pass = secrets.ddns-he.password;
|
||||
crl = "${pkgs.curl}/bin/curl -4";
|
||||
in ''
|
||||
${crl} "https://he.uninsane.org:${pass}@dyn.dns.he.net/nic/update?hostname=he.uninsane.org"
|
||||
${crl} "https://native.uninsane.org:${pass}@dyn.dns.he.net/nic/update?hostname=native.uninsane.org"
|
||||
${crl} "https://uninsane.org:${pass}@dyn.dns.he.net/nic/update?hostname=uninsane.org"
|
||||
${crl} "https://he.uninsane.org:$HE_PASSPHRASE@dyn.dns.he.net/nic/update?hostname=he.uninsane.org"
|
||||
${crl} "https://native.uninsane.org:$HE_PASSPHRASE@dyn.dns.he.net/nic/update?hostname=native.uninsane.org"
|
||||
${crl} "https://uninsane.org:$HE_PASSPHRASE@dyn.dns.he.net/nic/update?hostname=uninsane.org"
|
||||
'';
|
||||
};
|
||||
systemd.timers.ddns-he.timerConfig = {
|
||||
OnStartupSec = "2min";
|
||||
OnUnitActiveSec = "10min";
|
||||
};
|
||||
|
||||
sops.secrets."ddns_he" = {
|
||||
sopsFile = ../../../secrets/uninsane.yaml;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
{
|
||||
ddns-he.password = "<REPLACEME>";
|
||||
|
||||
# to generate:
|
||||
# wg genkey > wg0.private
|
||||
# wg pubkey < wg0.private > wg0.public
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
#ENC[AES256_GCM,data:mfjzNHS72mmkebXz8tqrBpiVbHLWG7RTFfPTsLphoc3E5jz/NOQLQ0q76pJLDXlZQ+BIc5TE2RqDH649opWAAiM/hd2QFr8=,iv:0bjh5bWwcYS2FLUr3O9Moh1YJW+Id1a2cEkkH98maMs=,tag:0r61r+/kpGHbK0ttVCPhow==,type:comment]
|
||||
#ENC[AES256_GCM,data:l5E8Ji9v6shdOjDsg+pvRmSgWz7Spbq1s4lO01WUSaGzmfJdr/nnVrIE6gQNImTKfW8McqY4ZHTFTUSZ5Fs8BkjpSQ+9N1OIJl7wmg6G168zSL2hgQtpM4DbECQNgfjCJxAG9TN/2wnQkhN0f5Lrqw==,iv:HyfnJKJQABwMj7X7fQxVcakBs1PBpWVWlr6PyVn1EvY=,tag:84aMXP8kCGVksYpw389klg==,type:comment]
|
||||
duplicity_passphrase: ENC[AES256_GCM,data:WAQE+xhfRg+4N9Q1P9U8Lt7sVwpcEZFPJzyHIA+FIcCcZZhv+QmvCT/eTRtAOIFvII5l9f0A4GRnSEagalyaZgTgq7t8qOhvvB+s8cIj7prM1psnKstpx3+BxsinGOsZcPqbBxph9gdGuIVP3qH7pYAT+6GMPLnxW21s0r26mZFZM8Mu15VGyuvTz2Pknw==,iv:hu+6w6TWQensA4y5wBz1vPgw8YlBk5TuxEm2rRjV6Ao=,tag:UJ2joJZNxr/+O5y0dx6q9g==,type:str]
|
||||
ddns_he: ENC[AES256_GCM,data:zAKbEAIMIsENUctG9bNAAjAty6g+w3QW5VM=,iv:ncIjblXnTiU3TQcHJutz9lCl0wBdWs+FybY0sZcnaH0=,tag:7O6EIob2/if1fcVDVEkVzQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -37,8 +38,8 @@ sops:
|
|||
U0ZlOUljcE9BL1lhcmIrVVl6eFdTUmMKBHmv96FmkL/oQw9//ATfem6HtORRjcce
|
||||
xJNwnsdrEqrBS3sG6xDkmJYOjaFrg1pwxYZRG87zeLShgkXkMNvz2A==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2022-06-07T09:30:04Z"
|
||||
mac: ENC[AES256_GCM,data:B/Tsq5YNrLd7MziJASlv0urTOJRKn8LHvRZFK/2qJBDrbHODQMVzQL35Yw4AtdQSDYcFm4RxQzqQ2mVRabb2Np0Duft8bH3v3EhknP2Jokx+lzmo878UFzumu2BP7lMnNeeYL6vIMVqPmhOl1RIwlvLvczKEpzW/hUHIvsWGsis=,iv:+eWHnG2ijszBiROJuEhbdEtc0Vy026Bmf1Tj45fBy7g=,tag:MCQAQm132fBH8kh/wpf9fQ==,type:str]
|
||||
lastmodified: "2022-06-08T21:27:38Z"
|
||||
mac: ENC[AES256_GCM,data:p0f7zHU5u+1n38eUQ7YxyivM2PhUG508CxS8ImPC1XRpJ8TIRH7OaGxoUL43UqIGNeO76upjp7XgZ5LNyTXTD3uluaMB0szPBwpxn5EOvL5Zt+MY/lxmuLFS2QBUmS3j/Z5AiDk0G+JaRoWCSzjuNF/udxBnrQ8dI22I88/JvOc=,iv:JEV661y2gHbyh9W3HzeYK7Crbhja6Dos/1l+lmyRs+4=,tag:/7D69dm4UkNVuklVA4KmPA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
|
|
Loading…
Reference in New Issue
Block a user