authorGriffin Smith <grfn@gws.fyi>2022-01-17T23·05-0500
committergrfn <grfn@gws.fyi>2022-01-20T14·32+0000
commitd92ffcc751a586f9fe86005294e327547c1eb5df (patch)
treeed6b4860eb0c120577e815586f113f6f19b28cc9
parenta366008053bda6a171709df8f410d21fa9a56e30 (diff)
fix(grfn/mugwump): Update for new ddclient config format r/3645
There's a passwordFile option now!

Change-Id: I7aa21891c3502ceddcb0bb08a83a5a3a8a6bcdc9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5025
Reviewed-by: grfn <grfn@gws.fyi>
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
-rw-r--r--users/grfn/secrets/ddclient-password.age9
-rw-r--r--users/grfn/secrets/secrets.nix1
-rw-r--r--users/grfn/system/system/machines/mugwump.nix18
3 files changed, 12 insertions, 16 deletions
diff --git a/users/grfn/secrets/ddclient-password.age b/users/grfn/secrets/ddclient-password.age
new file mode 100644
index 000000000000..0de870710571
--- /dev/null
+++ b/users/grfn/secrets/ddclient-password.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 CpJBgQ 1Yw1EllkiG38qEQ03eN1p8WzC74zKb6YIuZMb3RD0ik
+P7iAo2rCex8XkCyWKjTSecAZDg5wokrfBLRk/Nl479w
+-> ssh-ed25519 LfBFbQ /cMWDtN+SlCs7WsomkngPpPK/4RHpCDZr2bg+jyqHEs
+bgnNTXhxYtW84twA7ty9RWgycABW0MI9OEk69TRT2ro
+-> Ujl-grease l_8cO.F
+pw/kCMvXCg4my4M
+--- m3jMrTCJFA1bGgKERiAhAYvXt/++wWzva0CVdtz3cgQ
+]>'C[�*�*�j�!��`�7�<��Q���m�I�7tGW �ϳ;�{Ja��n�p���ש`b�t��
\ No newline at end of file
diff --git a/users/grfn/secrets/secrets.nix b/users/grfn/secrets/secrets.nix
index 2208ba6893fa..557f2a70f1ef 100644
--- a/users/grfn/secrets/secrets.nix
+++ b/users/grfn/secrets/secrets.nix
@@ -7,4 +7,5 @@ in
 {
   "bbbg.age".publicKeys = [ grfn mugwump bbbg ];
   "cloudflare.age".publicKeys = [ grfn mugwump ];
+  "ddclient-password.age".publicKeys = [ grfn mugwump ];
 }
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index 8d673420f9d8..a9f876972539 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -71,6 +71,7 @@ with lib;
   in {
     bbbg.file = secret "bbbg";
     cloudflare.file = secret "cloudflare";
+    ddclient-password.file = secret "ddclient-password";
   };
 
   services.depot.auto-deploy = {
@@ -137,25 +138,10 @@ with lib;
     zone = "gws.fyi";
     protocol = "cloudflare";
     username = "root@gws.fyi";
+    passwordFile = "/run/agenix/ddclient-password";
     quiet = true;
   };
 
-  systemd.services.ddclient.serviceConfig = {
-    EnvironmentFile = "/run/agenix/cloudflare";
-    DynamicUser = lib.mkForce false;
-    ExecStart = lib.mkForce (
-      let runtimeDir =
-            config.systemd.services.ddclient.serviceConfig.RuntimeDirectory;
-      in pkgs.writeShellScript "ddclient" ''
-        set -eo pipefail
-
-        ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf
-        exec ${pkgs.ddclient}/bin/ddclient \
-          -file /run/${runtimeDir}/ddclient.conf \
-          -login=$CLOUDFLARE_EMAIL \
-      '');
-  };
-
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "cloudflare";
     credentialsFile = "/run/agenix/cloudflare";
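Review bot: With the `DynamicUser = lib.mkForce false` override removed, the new `passwordFile = "/run/agenix/ddclient-password";` line depends on the ddclient module reading the secret with enough privilege, and nothing visible here shows who owns the decrypted file. agenix writes secrets root-owned with mode 0400 unless `owner`/`mode` are set, and the `secret` helper used in the earlier hunk (presumably for `age.secrets`) is defined outside the visible lines. It is worth confirming on the deployed machine that the unit starts and the password is actually substituted into the generated config rather than left empty, since the CI build would not catch that. I would also reference the secret rather than repeat its path, `passwordFile = config.age.secrets.ddclient-password.path;`, so that renaming the secret fails at evaluation time instead of at runtime. If this file holds the same Cloudflare key as `cloudflare.age`, which the ACME block still uses, rotation now has to touch both secrets; a comment next to the declaration saying so would help.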