Add DNS updater service

hosts/monolith/default.nix

@@ -3,6 +3,7 @@
   imports = [
     self.nixosModules.common
     self.nixosModules.server
+    ./dns.nix
   ];
 
   networking = {

hosts/monolith/dns.nix

@@ -0,0 +1,34 @@
+{ secrets, pkgs, ... }:
+{
+  systemd.services.update-dns = {
+    serviceConfig.Type = "oneshot";
+    description = "Update the leaf.ninja DNS records";
+    path = with pkgs; [ curl jq ];
+    script = ''
+      public_ip=$(curl -s https://ifconfig.me/ip)
+      endpoint="https://api.gandi.net/v5/livedns/domains/leaf.ninja/records"
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%2A/A" | jq
+      curl -s \
+        -X PUT \
+        -H "Authorization: Bearer ${secrets.gandi.token}" \
+        -H "Content-Type: application/json" \
+        -d "{\"rrset_values\":[\"$public_ip\"]}" \
+        "$ENDPOINT/%40/A" | jq
+    '';
+  };
+
+  systemd.timers.update-dns = {
+    wantedBy = [ "timers.target" ];
+    partOf = [ "update-dns.service" ];
+    timerConfig = {
+      OnBootSec = "15m";
+      OnUnitActiveSec = "15m";
+      Unit = "update-dns.service";
+    };
+  };
+}

modules/common.nix

@@ -37,5 +37,8 @@
     joinNetworks = secrets.zerotier.networks;
   };
 
-  environment.systemPackages = [ pkgs.git-crypt ];
+  environment.systemPackages = with pkgs; [
+    git-crypt
+    jq
+  ];
 }