From fa96291493eddd6e1fa479fc95744f39c60aa4b3 Mon Sep 17 00:00:00 2001
From: Gabe Venberg
Date: Tue, 6 Aug 2024 22:49:32 -0500
Subject: [PATCH] added duckdns updates to cirrostratus.
---
 hosts/cirrostratus/default.nix | 19 +++++++++++++++----
 modules/nixos/duckdns.nix | 18 +++++++++++-------
 2 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/hosts/cirrostratus/default.nix b/hosts/cirrostratus/default.nix
index 476408e..9c7a1a0 100644
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@@ -16,11 +16,12 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/common.nix
 ../../configs/nixos/tailscale.nix
 ../../configs/nixos/sshd.nix
- # ../../configs/nixos/secrets.nix
+ ../../configs/nixos/secrets.nix
 ({
 config,
 pkgs,
 configLib,
+ lib,
 ...
 }: {
 host = {
@@ -42,6 +43,18 @@ inputs.nixpkgs.lib.nixosSystem {
 };
 };
 
+ services.duckdns = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config) {
+ enable = true;
+ domains = ["venberg"];
+ tokenFile = config.sops.secrets.duckdns-token.path;
+ };
+
+ sops = lib.mkIf (inputs ? nix-secrets) {
+ secrets = {
+ duckdns-token.sopsFile = "${inputs.nix-secrets}/duckdns.yaml";
+ };
+ };
+
 home-manager.users.${config.host.user} = {
 inputs,
 osConfig,
@@ -50,9 +63,7 @@ inputs.nixpkgs.lib.nixosSystem {
 }: {
 host = osConfig.host;
 user = {
- nvim = {
- enable-lsp = false;
- };
+ nvim.enable-lsp = false;
 git = {
 profile = {
 name = config.host.fullName;
diff --git a/modules/nixos/duckdns.nix b/modules/nixos/duckdns.nix
index 46d7807..1a566b1 100644
--- a/modules/nixos/duckdns.nix
+++ b/modules/nixos/duckdns.nix
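Review bot: In hosts/cirrostratus/default.nix (hunk at -42,6), the `duckdns-token` secret is declared with only `sopsFile`, so sops-nix's default ownership and mode apply (root, 0400), and nothing in the patch shows which user the duckdns unit runs as. If the unit is unprivileged, set `duckdns-token.owner` to that user, or hand the file over with systemd `LoadCredential`, rather than widening `mode`. The `services.duckdns` block is also gated on `lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config`, so a build without the `nix-secrets` input silently ships no updater and the DNS record can go stale. A `warnings = lib.optional (!(inputs ? nix-secrets)) "duckdns disabled: nix-secrets input missing";` next to it would surface that at evaluation time.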
@@ -39,13 +39,13 @@ in { }; }; }; - assertions = [ - { - assertion = cfg.domains != null || cfg.domainsFile != null; - message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined"; - } - ]; config = lib.mkIf cfg.enable { + assertions = [ + { + assertion = cfg.domains != null || cfg.domainsFile != null; + message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined"; + } + ]; systemd.services.duckdns = { description = "DuckDNS Dynamic DNS Client"; after = ["network.target"]; @@ -64,7 +64,11 @@ in { ${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl # initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty. - install --mode 600 ${if (cfg.domainsFile != null) then cfg.domainsFile else "/dev/null"} $RUNTIME_DIRECTORY/domains + install --mode 600 ${ + if (cfg.domainsFile != null) + then cfg.domainsFile + else "/dev/null" + } $RUNTIME_DIRECTORY/domains # these are already in the nix store, so doesnt matter if they leak via cmdline. echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >> $RUNTIME_DIRECTORY/domains ${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains
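Review bot: The assertion moved under `config = lib.mkIf cfg.enable` in modules/nixos/duckdns.nix accepts a setup where only `domainsFile` is set, but the script in the -64,7 hunk still evaluates `lib.strings.concatStringsSep "\n" cfg.domains` unconditionally, which fails on a null `domains`. The option's default is outside the patch, so this is inferred; wrapping that `echo` line in `lib.optionalString (cfg.domains != null)` would make the permitted case evaluate. There is also no matching assertion that `cfg.tokenFile` is set, although the script passes it straight to `replace-secret`. The script interpolates `${cfg.domainsFile}` and `${cfg.tokenFile}` into shell unquoted, and places the domain list inside single quotes; `${lib.escapeShellArg cfg.domainsFile}` with a quoted `"$RUNTIME_DIRECTORY/domains"` keeps unusual paths or values from being re-split by the shell. The `config` block continues past both hunks.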