added duckdns updates to cirrostratus.
parent
45132109d7
commit
fa96291493
|
@ -16,11 +16,12 @@ inputs.nixpkgs.lib.nixosSystem {
|
||||||
../../configs/nixos/common.nix
|
../../configs/nixos/common.nix
|
||||||
../../configs/nixos/tailscale.nix
|
../../configs/nixos/tailscale.nix
|
||||||
../../configs/nixos/sshd.nix
|
../../configs/nixos/sshd.nix
|
||||||
# ../../configs/nixos/secrets.nix
|
../../configs/nixos/secrets.nix
|
||||||
({
|
({
|
||||||
config,
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
configLib,
|
configLib,
|
||||||
|
lib,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
host = {
|
host = {
|
||||||
|
@ -42,6 +43,18 @@ inputs.nixpkgs.lib.nixosSystem {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.duckdns = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config) {
|
||||||
|
enable = true;
|
||||||
|
domains = ["venberg"];
|
||||||
|
tokenFile = config.sops.secrets.duckdns-token.path;
|
||||||
|
};
|
||||||
|
|
||||||
|
sops = lib.mkIf (inputs ? nix-secrets) {
|
||||||
|
secrets = {
|
||||||
|
duckdns-token.sopsFile = "${inputs.nix-secrets}/duckdns.yaml";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
home-manager.users.${config.host.user} = {
|
home-manager.users.${config.host.user} = {
|
||||||
inputs,
|
inputs,
|
||||||
osConfig,
|
osConfig,
|
||||||
|
@ -50,9 +63,7 @@ inputs.nixpkgs.lib.nixosSystem {
|
||||||
}: {
|
}: {
|
||||||
host = osConfig.host;
|
host = osConfig.host;
|
||||||
user = {
|
user = {
|
||||||
nvim = {
|
nvim.enable-lsp = false;
|
||||||
enable-lsp = false;
|
|
||||||
};
|
|
||||||
git = {
|
git = {
|
||||||
profile = {
|
profile = {
|
||||||
name = config.host.fullName;
|
name = config.host.fullName;
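Review bot: The `duckdns-token` entry under `sops.secrets` sets only `sopsFile`, so the sops-nix defaults apply (root-owned, mode 0400). Whether the duckdns unit can read `tokenFile` depends on the user it runs as, which this section does not show. If it does not run as root, set `duckdns-token.owner` to that user (or load the file through the unit's `LoadCredential`) rather than loosening the mode. Separately, both `lib.mkIf` guards fail silently: a build without the `nix-secrets` input produces a host with no DNS updates and no diagnostic, so a `warnings = lib.optional (!(inputs ? nix-secrets)) "duckdns disabled: nix-secrets input missing";` entry beside the `sops` block would make that visible. The module body starts and ends outside these hunks.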
|
||||||
|
|
|
@ -39,13 +39,13 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
assertions = [
|
|
||||||
{
|
|
||||||
assertion = cfg.domains != null || cfg.domainsFile != null;
|
|
||||||
message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
config = lib.mkIf cfg.enable {
|
config = lib.mkIf cfg.enable {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = cfg.domains != null || cfg.domainsFile != null;
|
||||||
|
message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
|
||||||
|
}
|
||||||
|
];
|
||||||
systemd.services.duckdns = {
|
systemd.services.duckdns = {
|
||||||
description = "DuckDNS Dynamic DNS Client";
|
description = "DuckDNS Dynamic DNS Client";
|
||||||
after = ["network.target"];
|
after = ["network.target"];
|
||||||
|
@ -64,7 +64,11 @@ in {
|
||||||
${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl
|
${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl
|
||||||
|
|
||||||
# initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty.
|
# initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty.
|
||||||
install --mode 600 ${if (cfg.domainsFile != null) then cfg.domainsFile else "/dev/null"} $RUNTIME_DIRECTORY/domains
|
install --mode 600 ${
|
||||||
|
if (cfg.domainsFile != null)
|
||||||
|
then cfg.domainsFile
|
||||||
|
else "/dev/null"
|
||||||
|
} $RUNTIME_DIRECTORY/domains
|
||||||
# these are already in the nix store, so doesnt matter if they leak via cmdline.
|
# these are already in the nix store, so doesnt matter if they leak via cmdline.
|
||||||
echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >> $RUNTIME_DIRECTORY/domains
|
echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >> $RUNTIME_DIRECTORY/domains
|
||||||
${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains
|
${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains
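Review bot: The relocated assertion accepts a configuration with only `domainsFile` set, but the unchanged `echo` line still evaluates `lib.strings.concatStringsSep "\n" cfg.domains` unconditionally. If `domains` can be null, as the `!= null` check implies, that configuration fails at evaluation with a type error instead of working; passing `(lib.optionals (cfg.domains != null) cfg.domains)` would match what the assertion promises. The same line pastes the values into a single-quoted shell string, so using `lib.escapeShellArg` on the joined string instead of literal quotes would keep a stray `'` in a domain from breaking the script. The option declarations and the rest of the script are outside these hunks, so the default of `domains` is an assumption here.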
|
||||||
|
|