diff options
author | Griffin Smith <grfn@gws.fyi> | 2022-01-17T23·05-0500 |
---|---|---|
committer | grfn <grfn@gws.fyi> | 2022-01-20T14·32+0000 |
commit | d92ffcc751a586f9fe86005294e327547c1eb5df (patch) | |
tree | ed6b4860eb0c120577e815586f113f6f19b28cc9 | |
parent | a366008053bda6a171709df8f410d21fa9a56e30 (diff) |
fix(grfn/mugwump): Update for new ddclient config format r/3645
There's a passwordFile option now! Change-Id: I7aa21891c3502ceddcb0bb08a83a5a3a8a6bcdc9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5025 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
-rw-r--r-- | users/grfn/secrets/ddclient-password.age | 9 | ||||
-rw-r--r-- | users/grfn/secrets/secrets.nix | 1 | ||||
-rw-r--r-- | users/grfn/system/system/machines/mugwump.nix | 18 |
3 files changed, 12 insertions, 16 deletions
diff --git a/users/grfn/secrets/ddclient-password.age b/users/grfn/secrets/ddclient-password.age new file mode 100644 index 000000000000..0de870710571 --- /dev/null +++ b/users/grfn/secrets/ddclient-password.age @@ -0,0 +1,9 @@ +age-encryption.org/v1 +-> ssh-ed25519 CpJBgQ 1Yw1EllkiG38qEQ03eN1p8WzC74zKb6YIuZMb3RD0ik +P7iAo2rCex8XkCyWKjTSecAZDg5wokrfBLRk/Nl479w +-> ssh-ed25519 LfBFbQ /cMWDtN+SlCs7WsomkngPpPK/4RHpCDZr2bg+jyqHEs +bgnNTXhxYtW84twA7ty9RWgycABW0MI9OEk69TRT2ro +-> Ujl-grease l_8cO.F +pw/kCMvXCg4my4M +--- m3jMrTCJFA1bGgKERiAhAYvXt/++wWzva0CVdtz3cgQ +]>'C[�*�*�j�!��`�7�<��Q���m�I�7tGW �ϳ;�{Ja��n�p���ש`b�t�� \ No newline at end of file diff --git a/users/grfn/secrets/secrets.nix b/users/grfn/secrets/secrets.nix index 2208ba6893fa..557f2a70f1ef 100644 --- a/users/grfn/secrets/secrets.nix +++ b/users/grfn/secrets/secrets.nix @@ -7,4 +7,5 @@ in { "bbbg.age".publicKeys = [ grfn mugwump bbbg ]; "cloudflare.age".publicKeys = [ grfn mugwump ]; + "ddclient-password.age".publicKeys = [ grfn mugwump ]; } diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix index 8d673420f9d8..a9f876972539 100644 --- a/users/grfn/system/system/machines/mugwump.nix +++ b/users/grfn/system/system/machines/mugwump.nix @@ -71,6 +71,7 @@ with lib; in { bbbg.file = secret "bbbg"; cloudflare.file = secret "cloudflare"; + ddclient-password.file = secret "ddclient-password"; }; services.depot.auto-deploy = { @@ -137,25 +138,10 @@ with lib; zone = "gws.fyi"; protocol = "cloudflare"; username = "root@gws.fyi"; + passwordFile = "/run/agenix/ddclient-password"; quiet = true; }; - systemd.services.ddclient.serviceConfig = { - EnvironmentFile = "/run/agenix/cloudflare"; - DynamicUser = lib.mkForce false; - ExecStart = lib.mkForce ( - let runtimeDir = - config.systemd.services.ddclient.serviceConfig.RuntimeDirectory; - in pkgs.writeShellScript "ddclient" '' - set -eo pipefail - - ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf - exec ${pkgs.ddclient}/bin/ddclient \ - -file /run/${runtimeDir}/ddclient.conf \ - -login=$CLOUDFLARE_EMAIL \ - ''); - }; - security.acme.certs."metrics.gws.fyi" = { dnsProvider = "cloudflare"; credentialsFile = "/run/agenix/cloudflare"; |