v1 of duckdns update service.

configs/home-manager/common.nix

@@ -25,7 +25,7 @@
       };
     };
   imports = [
-    ../../modules/hostopts.nix
+    ../../modules/nixos/hostopts.nix
     ../../modules/home-manager
   ];
 }

configs/nixos/common.nix

@@ -61,7 +61,7 @@ in {
     else defaultPasswordHash;
 
   imports = [
-    ../../modules/hostopts.nix
+    ../../modules/nixos
   ];
 
   home-manager.useGlobalPkgs = true;

flake.nix

@@ -96,7 +96,6 @@
       rockhole = import ./hosts/rockhole64 {inherit inputs configLib;};
       cirrus = import ./hosts/cirrus {inherit inputs configLib;};
       cirrostratus = import ./hosts/cirrostratus {inherit inputs configLib;};
-      remotepi-karp = import ./hosts/remotepi-karp {inherit inputs configLib;};
     };
 
     # Standalone home-manager configuration entrypoint

hosts/cirrostratus/default.nix

@@ -50,6 +50,9 @@ inputs.nixpkgs.lib.nixosSystem {
       }: {
         host = osConfig.host;
         user = {
+          nvim = {
+            enable-lsp = false;
+          };
           git = {
             profile = {
               name = config.host.fullName;
@@ -59,7 +62,7 @@ inputs.nixpkgs.lib.nixosSystem {
           };
         };
         imports = [
-          ../../roles/home-manager/minimal-terminal.nix
+          ../../roles/home-manager/terminal.nix
           ../../configs/home-manager/common.nix
           inputs.nixvim.homeManagerModules.nixvim
         ];

hosts/remotepi-karp/default.nix

@@ -1,108 +0,0 @@
-{
-  inputs,
-  configLib,
-  ...
-}:
-inputs.nixpkgs.lib.nixosSystem {
-  system = "aarch64-linux";
-  specialArgs = {inherit inputs configLib;};
-  modules = [
-    inputs.home-manager.nixosModules.home-manager
-    inputs.disko.nixosModules.disko
-    inputs.nixos-hardware.nixosModules.raspberry-pi-3
-
-    ../../configs/nixos/common.nix
-    ../../configs/nixos/sshd.nix
-    # ../../configs/nixos/secrets.nix
-    ../../configs/nixos/tailscale.nix
-    ({
-      config,
-      pkgs,
-      lib,
-      configLib,
-      modulesPath,
-      ...
-    }: {
-      hardware.enableRedistributableFirmware = true;
-      host = {
-        user = "gabe";
-        fullName = "Gabe Venberg";
-      };
-      networking.hostName = "remotepi-karp"; # Define your hostname.
-      networking.hostId = "8efd3e13";
-      networking.useNetworkd = true;
-      systemd.network = {
-        enable = true;
-        networks."eth0" = {
-          name = "eth0";
-          DHCP = "yes";
-          # address = ["10.10.10.31/24"];
-          # gateway = ["10.10.10.1"];
-          # dns = ["1.1.1.1"];
-        };
-      };
-      fileSystems = {
-        "/" = {
-          device = "/dev/disk/by-label/NIXOS_SD";
-          fsType = "ext4";
-          options = ["noatime"];
-        };
-      };
-
-      time.timeZone = "America/Chicago";
-
-      # home-manager.sharedModules = [
-      #   inputs.sops-nix.homeManagerModules.sops
-      # ];
-      home-manager.users.${config.host.user} = {
-        inputs,
-        osConfig,
-        lib,
-        ...
-      }: {
-        host = osConfig.host;
-        user = {
-          git = {
-            profile = {
-              name = config.host.fullName;
-              email = "gabevenberg@gmail.com";
-            };
-            workProfile.enable = false;
-          };
-        };
-        imports = [
-          ../../roles/home-manager/minimal-terminal.nix
-          ../../configs/home-manager/common.nix
-          inputs.nixvim.homeManagerModules.nixvim
-          # ../../configs/home-manager/secrets.nix
-        ];
-
-        # sops = lib.mkIf (inputs ? nix-secrets) {
-        #   secrets = {
-        #   };
-        # };
-      };
-
-      # Open ports in the firewall.
-      # networking.firewall.allowedTCPPorts = [ ... ];
-      # networking.firewall.allowedUDPPorts = [ ... ];
-      # Or disable the firewall altogether.
-      # networking.firewall.enable = false;
-
-      boot.supportedFilesystems.zfs = lib.mkForce false;
-      boot.kernelParams = [
-        "console=ttyS1,115200n8"
-      ];
-      boot.loader.grub.enable = false;
-      boot.loader.generic-extlinux-compatible.enable = true;
-
-      # This value determines the NixOS release from which the default
-      # settings for stateful data, like file locations and database versions
-      # on your system were taken. It‘s perfectly fine and recommended to leave
-      # this value at the release version of the first install of this system.
-      # Before changing this value read the documentation for this option
-      # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-      system.stateVersion = "24.05"; # Did you read the comment?
-    })
-  ];
-}

modules/nixos/default.nix

@@ -0,0 +1,6 @@
+{
+  imports = [
+    ./duckdns.nix
+    ./hostopts.nix
+  ];
+}

modules/nixos/duckdns.nix

@@ -0,0 +1,77 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  cfg = config.services.duckdns;
+  urlFile = pkgs.writeText "curlurl" "url=https://www.duckdns.org/update?domains=@domains_placeholder@&token=@token_placeholder@&ip=";
+in {
+  # partially taken from https://github.com/NixOS/nixpkgs/pull/294489
+  options = {
+    services.duckdns = {
+      enable = lib.mkEnableOption "Enable duckdns updating";
+      tokenFile = lib.mkOption {
+        default = null;
+        type = lib.types.path;
+        description = ''
+          The path to a file containing the token
+          used to authenticate with DuckDNS.
+        '';
+      };
+      domains = lib.mkOption {
+        type = lib.types.nullOr (lib.types.listOf lib.types.str);
+        example = ["examplehost"];
+        description = lib.mdDoc ''
+          The record(s) to update in DuckDNS
+          (without the .duckdns.org prefix)
+        '';
+      };
+      domainsFile = lib.mkOption {
+        default = null;
+        type = lib.types.nullOr lib.types.path;
+        description = ''
+          The path to a file containing a
+          newline-separated list of DuckDNS
+          domain(s) to be updated
+        '';
+      };
+    };
+  };
+  assertions = [
+    {
+      assertion = cfg.domains != null || cfg.domainsFile != null;
+      message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
+    }
+  ];
+  config = lib.mkIf cfg.enable {
+    systemd.services.duckdns = {
+      description = "DuckDNS Dynamic DNS Client";
+      after = ["network.target"];
+      wantedBy = ["multi-user.target"];
+      # every 5 minutes
+      startAt = "*:00/5:00";
+      serviceConfig = {
+        Type = "simple";
+        DynamicUser = true;
+        RuntimeDirectory = "duckdns-update";
+        RuntimeDirectoryMode = "700";
+      };
+      script = ''
+        install --mode 600 ${urlFile} $RUNTIME_DIRECTORY/curlurl
+        # replace the token
+        ${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl
+
+        # initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty.
+        install --mode 600 ${if (cfg.domainsFile != null) then cfg.domainsFile else "/dev/null"} $RUNTIME_DIRECTORY/domains
+        # these are already in the nix store, so doesnt matter if they leak via cmdline.
+        echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >>  $RUNTIME_DIRECTORY/domains
+        ${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains
+        ${pkgs.replace-secret}/bin/replace-secret @domains_placeholder@ $RUNTIME_DIRECTORY/domains $RUNTIME_DIRECTORY/curlurl
+
+        ${pkgs.curl}/bin/curl --no-progress-meter --insecure --config $RUNTIME_DIRECTORY/curlurl | ${pkgs.gnugrep}/bin/grep -v "KO"
+      '';
+    };
+  };
+}