From a95a5e111ae884846c1b7164ee7b7895e5223af9 Mon Sep 17 00:00:00 2001
From: Nettika <git@nettika.cat>
Date: Fri, 19 Jul 2024 16:01:26 -0700
Subject: [PATCH] Add DNS updater service

---
 hosts/monolith/default.nix |   1 +
 hosts/monolith/dns.nix     |  34 ++++++++++++++++++++++++++++++++++
 modules/common.nix         |   5 ++++-
 secrets.json               | Bin 270 -> 343 bytes
 4 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100755 hosts/monolith/dns.nix

diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix
index 36c0f47..ac7835e 100755
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@@ -3,6 +3,7 @@
   imports = [
     self.nixosModules.common
     self.nixosModules.server
+    ./dns.nix
   ];
 
   networking = {
diff --git a/hosts/monolith/dns.nix b/hosts/monolith/dns.nix
new file mode 100755
index 0000000..24d8823
--- /dev/null
+++ b/hosts/monolith/dns.nix
@@ -0,0 +1,34 @@
+{ secrets, pkgs, ... }:
+{
+  systemd.services.update-dns = {
+    serviceConfig.Type = "oneshot";
+    description = "Update the leaf.ninja DNS records";
+    path = with pkgs; [ curl jq ];
+    script = ''
+      public_ip=$(curl -s https://ifconfig.me/ip)
+      endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%2A/A" | jq
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%40/A" | jq
+    '';
+  };
+
+  systemd.timers.update-dns = {
+    wantedBy = [ "timers.target" ];
+    partOf = [ "update-dns.service" ];
+    timerConfig = {
+      OnBootSec = "15m";
+      OnUnitActiveSec = "15m";
+      Unit = "update-dns.service";
+    };
+  };
+}
diff --git a/modules/common.nix b/modules/common.nix
index 7347852..8d6b24f 100755
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -37,5 +37,8 @@
     joinNetworks = secrets.zerotier.networks;
   };
 
-  environment.systemPackages = [ pkgs.git-crypt ];
+  environment.systemPackages = with pkgs; [
+    git-crypt
+    jq
+  ];
 }
diff --git a/secrets.json b/secrets.json
index b75936565a0b197b7a62edb8218db83d2a40d5ec..d85e392a6b41bbd09c2677d9624d516de285e488 100755
GIT binary patch
literal 343
zcmZQ@_Y83kiVO&0cz^Z1s;&87#s%6jFI5h6HSk6=TAVexwzx3wrh8`22Tp6Ie{%06
z+4nA#S}Ga*MfH%5vu*qp5w5qF-=)OQWbvENy7R`tdnX-F#pf4r9AGcg3_B~=xi{h$
zuZHek)&-{?|4V7pTy-=ro9Xz&kZsS5xPE?rRwSj`=$e*xKBqTQ&yU&9T=>hcXOC-Q
zCj8j4^3A?Ah39q~n<y_`AQ0*7EPnb{-YNbNx6{Yg8sFU9GV#Q@i&Izjq?WVFTb$3_
zFD_Tt{(#3t$yjF=OU*k^+ns6dlNuRc^F6-4<;axW1#9lDJRk9=Rys+UPxncO{Ef2Z
zeo0%;eLnQc)ApXm6s!MXzoI!KRhUI~*q?bMweH8lSiyat>J--<%Qb(M74ZK-(vQQT
zbBviPv)BsmYxL~1KmR8$-nU_vvy8CO1ugOWpEB4=4nN=t{BE;px^(rF!r4p9KCU?m
E0JXiPeE<Le

literal 270
zcmZQ@_Y83kiVO&0SkXP{f9my!VufYmVn){bo!@eFe!pC1;-kgea;w+5vG?f@&;1u8
z#SiF&UcNU){)>#n;+?lFbA%<2s1zi9pRakklJ|(HP{GC}8f!xf+D<#&UetHSD!0%e
ze&!!HHg!IM(>M0K_bK&O(|%Ut>vwfWQ}x65L84FoyE?}1d=ML2<g<j^yyV@v4_f}8
zjy6qZmgDZ@ZEEK1+TUaCG}-UTKG(qgTbfQ)IH_-AE9Y6I^ytUd70pXOI(aZ;nNK(Q
zadk$Q=w}P_m@*Hg_aV=B$81_^dO^3qUvKvtZoQx0zZP4Y&fhP6Q{@`pVy+E_e$xW$
dXIu9k7w>(><HVBY^{S%L{eOmb%Vh=Cvj9QYeqR6p