about summary refs log tree commit diff
path: root/third_party/ddclient/module.nix
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
{ config, pkgs, lib, ... }:

let
  cfg = config.services.deprecated-ddclient;
  boolToStr = bool: if bool then "yes" else "no";
  dataDir = "/var/lib/ddclient";
  StateDirectory = builtins.baseNameOf dataDir;
  RuntimeDirectory = StateDirectory;

  configFile' = pkgs.writeText "ddclient.conf" ''
    # This file can be used as a template for configFile or is automatically generated by Nix options.
    cache=${dataDir}/ddclient.cache
    foreground=YES
    use=${cfg.use}
    login=${cfg.username}
    password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
    protocol=${cfg.protocol}
    ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
    ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
    ${lib.optionalString (cfg.zone != "")   "zone=${cfg.zone}"}
    ssl=${boolToStr cfg.ssl}
    wildcard=YES
    quiet=${boolToStr cfg.quiet}
    verbose=${boolToStr cfg.verbose}
    ${cfg.extraConfig}
    ${lib.concatStringsSep "," cfg.domains}
  '';
  configFile = if (cfg.configFile != null) then cfg.configFile else configFile';

  preStart = ''
    install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
    ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
      install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
    '' else if (cfg.passwordFile != null) then ''
      "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
    '' else ''
      sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
    '')}
  '';

in

with lib;

{
  ###### interface

  options = {

    services.deprecated-ddclient = with lib.types; {

      enable = mkOption {
        default = false;
        type = bool;
        description = lib.mdDoc ''
          Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
        '';
      };

      package = mkOption {
        type = package;
        default = pkgs.ddclient;
        defaultText = lib.literalExpression "pkgs.ddclient";
        description = lib.mdDoc ''
          The ddclient executable package run by the service.
        '';
      };

      domains = mkOption {
        default = [ "" ];
        type = listOf str;
        description = lib.mdDoc ''
          Domain name(s) to synchronize.
        '';
      };

      username = mkOption {
        # For `nsupdate` username contains the path to the nsupdate executable
        default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
        defaultText = "";
        type = str;
        description = lib.mdDoc ''
          User name.
        '';
      };

      passwordFile = mkOption {
        default = null;
        type = nullOr str;
        description = lib.mdDoc ''
          A file containing the password or a TSIG key in named format when using the nsupdate protocol.
        '';
      };

      interval = mkOption {
        default = "10min";
        type = str;
        description = lib.mdDoc ''
          The interval at which to run the check and update.
          See {command}`man 7 systemd.time` for the format.
        '';
      };

      configFile = mkOption {
        default = null;
        type = nullOr path;
        description = lib.mdDoc ''
          Path to configuration file.
          When set this overrides the generated configuration from module options.
        '';
        example = "/root/nixos/secrets/ddclient.conf";
      };

      protocol = mkOption {
        default = "dyndns2";
        type = str;
        description = lib.mdDoc ''
          Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
        '';
      };

      server = mkOption {
        default = "";
        type = str;
        description = lib.mdDoc ''
          Server address.
        '';
      };

      ssl = mkOption {
        default = true;
        type = bool;
        description = lib.mdDoc ''
          Whether to use SSL/TLS to connect to dynamic DNS provider.
        '';
      };

      quiet = mkOption {
        default = false;
        type = bool;
        description = lib.mdDoc ''
          Print no messages for unnecessary updates.
        '';
      };

      script = mkOption {
        default = "";
        type = str;
        description = lib.mdDoc ''
          script as required by some providers.
        '';
      };

      use = mkOption {
        default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
        type = str;
        description = lib.mdDoc ''
          Method to determine the IP address to send to the dynamic DNS provider.
        '';
      };

      verbose = mkOption {
        default = false;
        type = bool;
        description = lib.mdDoc ''
          Print verbose information.
        '';
      };

      zone = mkOption {
        default = "";
        type = str;
        description = lib.mdDoc ''
          zone as required by some providers.
        '';
      };

      extraConfig = mkOption {
        default = "";
        type = lines;
        description = lib.mdDoc ''
          Extra configuration. Contents will be added verbatim to the configuration file.
          ::: {.note}
          `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
          :::
        '';
      };
    };
  };


  ###### implementation

  config = mkMerge [
    (mkIf cfg.enable {
      systemd.services.ddclient = {
        description = "Dynamic DNS Client";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        restartTriggers = optional (cfg.configFile != null) cfg.configFile;
        path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;

        serviceConfig = {
          DynamicUser = true;
          RuntimeDirectoryMode = "0700";
          inherit RuntimeDirectory;
          inherit StateDirectory;
          Type = "oneshot";
          ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
          ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
        };
      };

      systemd.timers.ddclient = {
        description = "Run ddclient";
        wantedBy = [ "timers.target" ];
        timerConfig = {
          OnBootSec = cfg.interval;
          OnUnitInactiveSec = cfg.interval;
        };
      };
    })
    {
      ids.uids.ddclient = 30;
      ids.gids.ddclient = 30;
    }
  ];
}