stuff

common/dns/default.nix

@@ -0,0 +1,15 @@
+{
+  dns,
+  lib,
+  ...
+}:
+let
+  inherit (lib) mkOption types;
+in
+{
+  imports = [ ./jean-luc.org.nix ];
+  options.vacu.dns = mkOption {
+    default = {};
+    type = types.attrsOf dns.lib.types.zone;
+  };
+}

common/dns/jean-luc.org.nix

@@ -0,0 +1,16 @@
+{
+  dns,
+  ...
+}: {
+  vacu.dns."jean-luc.org" = {
+    SOA = {
+      nameServer = "ns51.cloudns.net";
+      adminEmail = "test@example.com";
+      serial = 123456;
+    };
+    A = [ "1.2.3.4" ];
+    TXT = [
+      (dns.lib.combinators.spf.strict [ "1.2.3.4" ])
+    ];
+  };
+}

common/module.nix

@@ -20,6 +20,7 @@ in
     ./defaultPackages.nix
     ./lib
     ./sops.nix
+    ./dns
   ];
   options = {
     vacu.rootCAs = mkOption { type = types.listOf types.str; };

flake.lock

@@ -96,6 +96,29 @@
         "type": "github"
       }
     },
+    "dns": {
+      "inputs": {
+        "flake-utils": [
+          "flake-utils"
+        ],
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1726867691,
+        "narHash": "sha256-IK3r16N9pizf53AipOmrcrcyjVsPJwC4PI5hIqEyKwQ=",
+        "owner": "nix-community",
+        "repo": "dns.nix",
+        "rev": "a3196708a56dee76186a9415c187473b94e6cbae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "dns.nix",
+        "type": "github"
+      }
+    },
     "dream2nix": {
       "inputs": {
         "nixpkgs": [
@@ -1252,6 +1275,7 @@
     "root": {
       "inputs": {
         "disko-unstable": "disko-unstable",
+        "dns": "dns",
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "home-manager-unstable": "home-manager-unstable",

flake.nix

@@ -86,6 +86,11 @@
       inputs.nixpkgs.follows = "nixpkgs-unstable";
     };
     sm64baserom.url = "git+https://git.uninsane.org/shelvacu/sm64baserom.git";
+    dns = {
+      url = "github:nix-community/dns.nix";
+      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.flake-utils.follows = "flake-utils";
+    };
   };
 
   outputs =
@@ -131,6 +136,7 @@
             inputs = thisInputs // {
               inherit (inputs) self;
             };
+            inherit (inputs) dns;
           };
           inherit system;
           modules = [ module ];
@@ -196,6 +202,7 @@
               nix-inspect
               ;
           };
+          inherit (inputs) dns;
         };
         pkgs = mkPkgs arm;
       };
@@ -341,6 +348,7 @@
           specialArgs = {
             inherit pkgs;
             inherit (pkgs) lib;
+            inherit (inputs) dns;
           };
         };
       in
@@ -350,6 +358,7 @@
           type = "app";
           program = lib.getExe self.packages.${system}.wrappedSops;
         };
+        vacuconfig = plain.config;
         packages = rec {
           z3 = pkgs.callPackage ./packages/z3 { };
           bandcamp-collection-downloader = pkgs.callPackage ./packages/bcd { };
@@ -364,7 +373,7 @@
           );
           update-git-keys = pkgs.callPackage ./scripts/update-git-keys.nix { inherit (plain) config; };
           inherit (plain.config.vacu) sopsConfig wrappedSops;
-          dns = import ./scripts/dns { inherit pkgs; inherit (plain) config; };
+          dns = import ./scripts/dns { inherit pkgs lib inputs; inherit (plain) config; };
           nixvim = inputs.nixvim.legacyPackages.${system}.makeNixvimWithModule {
             extraSpecialArgs = {
               inputs = { };

scripts/dns/default.nix

@@ -1,23 +1,18 @@
 {
   pkgs,
   config,
+  lib,
   ...
 }:
-pkgs.writers.writePython3Bin "dns" {
+let
+  pythonScript = builtins.replaceStrings [
+    "@sops@"
+    "@dns_secrets_file@"
+  ] [
+    (lib.getExe config.vacu.wrappedSops) 
+    (builtins.toString ../../secrets/misc/cloudns.json)
+  ] (builtins.readFile ./script.py);
+in
+pkgs.writers.writePython3Bin "dns-update" {
   libraries = [ pkgs.python3Packages.httpx ];
-} ''
-# flake8: noqa
-import httpx
-import os
-from pprint import pp
-auth_id = os.environ["CLOUDNS_AUTH_ID"]
-auth_password = os.environ["CLOUDNS_AUTH_PASSWORD"]
-
-base_url = "https://api.cloudns.net"
-auth_params = {
-  "auth-id": auth_id,
-  "auth-password": auth_password,
-}
-res = httpx.get(base_url + "/dns/records.json", params={"domain-name": "jean-luc.org", "rows-per-page": 100, **auth_params}).json()
-pp(res)
-''
+} pythonScript

scripts/dns/script.py

@@ -0,0 +1,33 @@
+# flake8: noqa
+import os
+import subprocess
+import json
+from pprint import pp
+import httpx
+
+# todo: dnspython to read builtins.toString vacuconfig.x86_64-linux.vacu.dns."jean-luc.org"
+
+SOPS_BIN = '@sops@'
+DNS_SECRETS_FILE = '@dns_secrets_file@'
+
+secrets_json = subprocess.check_output([SOPS_BIN, "-d", DNS_SECRETS_FILE])
+secrets = json.loads(secrets_json)
+
+AUTH_ID = secrets["auth_id"]
+AUTH_PASSWORD = secrets["auth_password"]
+
+BASE_URL = "https://api.cloudns.net"
+
+def req(path, **kwargs):
+    auth_params = {
+      "auth-id": AUTH_ID,
+      "auth-password": AUTH_PASSWORD,
+    }
+
+    params = { k.replace("_","-"): v for k, v in kwargs.items() }
+
+    return httpx.get(BASE_URL + path, params={**auth_params, **params}).json()
+
+res = req("/dns/records.json", domain_name = "jean-luc.org", rows_per_page = 100)
+#records = [x for x in res.values()]
+pp(res.get("status"))