added duckdns updates to cirrostratus.

2024-08-06 22:49:32 -05:00 · 2024-08-06 22:49:32 -05:00 · fa96291493
parent 45132109d7
commit fa96291493
2 changed files with 26 additions and 11 deletions
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@ -16,11 +16,12 @@ inputs.nixpkgs.lib.nixosSystem {
    ../../configs/nixos/common.nix
    ../../configs/nixos/tailscale.nix
    ../../configs/nixos/sshd.nix
-    # ../../configs/nixos/secrets.nix
+    ../../configs/nixos/secrets.nix
    ({
      config,
      pkgs,
      configLib,
+      lib,
      ...
    }: {
      host = {
@ -42,6 +43,18 @@ inputs.nixpkgs.lib.nixosSystem {
        };
      };

+      services.duckdns = lib.mkIf (lib.hasAttrByPath ["sops" "secrets" "duckdns-token"] config) {
+        enable = true;
+        domains = ["venberg"];
+        tokenFile = config.sops.secrets.duckdns-token.path;
+      };
+
+      sops = lib.mkIf (inputs ? nix-secrets) {
+        secrets = {
+          duckdns-token.sopsFile = "${inputs.nix-secrets}/duckdns.yaml";
+        };
+      };
+
      home-manager.users.${config.host.user} = {
        inputs,
        osConfig,
@ -50,9 +63,7 @@ inputs.nixpkgs.lib.nixosSystem {
      }: {
        host = osConfig.host;
        user = {
-          nvim = {
-            enable-lsp = false;
-          };
+          nvim.enable-lsp = false;
          git = {
            profile = {
              name = config.host.fullName;
--- a/modules/nixos/duckdns.nix
+++ b/modules/nixos/duckdns.nix
@ -39,13 +39,13 @@ in {
      };
    };
  };
-  assertions = [
-    {
-      assertion = cfg.domains != null || cfg.domainsFile != null;
-      message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
-    }
-  ];
  config = lib.mkIf cfg.enable {
+    assertions = [
+      {
+        assertion = cfg.domains != null || cfg.domainsFile != null;
+        message = "services.duckdns.domains or services.duckdns.domainsFile has to be defined";
+      }
+    ];
    systemd.services.duckdns = {
      description = "DuckDNS Dynamic DNS Client";
      after = ["network.target"];
@ -64,7 +64,11 @@ in {
        ${pkgs.replace-secret}/bin/replace-secret @token_placeholder@ ${cfg.tokenFile} $RUNTIME_DIRECTORY/curlurl

        # initalise the replacement file for the domains from the domains file if it exists, otherwise make it empty.
-        install --mode 600 ${if (cfg.domainsFile != null) then cfg.domainsFile else "/dev/null"} $RUNTIME_DIRECTORY/domains
+        install --mode 600 ${
+          if (cfg.domainsFile != null)
+          then cfg.domainsFile
+          else "/dev/null"
+        } $RUNTIME_DIRECTORY/domains
        # these are already in the nix store, so doesnt matter if they leak via cmdline.
        echo '${lib.strings.concatStringsSep "\n" cfg.domains}' >>  $RUNTIME_DIRECTORY/domains
        ${pkgs.gnused}/bin/sed -zi 's/\n/,/g' $RUNTIME_DIRECTORY/domains