uninsane: add a hurricane electric ddns service

also adds some basic secrets management. i can make this more robust in time.
2022-05-24 17:24:11 -07:00 · 2022-05-24 17:24:11 -07:00 · f8cf676df4
commit f8cf676df4
parent d9faeb6d6f
4 changed files with 22 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -69,7 +69,7 @@

    decl-machine = { name, system, extraModules ? [], basePkgs ? nixpkgs }: (basePkgs.lib.nixosSystem {
        inherit system;
-        specialArgs = { inherit home-manager; inherit nurpkgs; };
+        specialArgs = { inherit home-manager; inherit nurpkgs; secrets = import ./secrets.nix ;};
        modules = [
          ./configuration.nix
          ./modules
--- a/machines/uninsane/default.nix
+++ b/machines/uninsane/default.nix
@ -7,6 +7,7 @@
    ./hardware.nix
    ./net.nix
    ./users.nix
+    ./services/ddns-he.nix
    ./services/duplicity.nix
    ./services/gitea.nix
    ./services/jackett.nix
--- a/machines/uninsane/services/ddns-he.nix
+++ b/machines/uninsane/services/ddns-he.nix
@ -0,0 +1,17 @@
+{ pkgs, secrets, ... }:
+
+{
+  systemd.services.ddns-he = {
+    description = "update dynamic DNS entries for HurricaneElectric";
+    # HE DDNS API is documented: https://dns.he.net/docs.html
+    script = let
+      pass = secrets.ddns-he.password;
+      crl = "${pkgs.curl}/bin/curl -4";
+    in ''
+      ${crl} "https://he.uninsane.org:${pass}@dyn.dns.he.net/nic/update?hostname=he.uninsane.org"
+      ${crl} "https://native.uninsane.org:${pass}@dyn.dns.he.net/nic/update?hostname=native.uninsane.org"
+      ${crl} "https://uninsane.org:${pass}@dyn.dns.he.net/nic/update?hostname=uninsane.org"
+    '';
+    startAt = "10min";
+  };
+}
--- a/secrets.nix
+++ b/secrets.nix
@ -0,0 +1,3 @@
+{
+  ddns-he.password = "<REPLACEME>";
+}