authorGriffin Smith <grfn@gws.fyi>2021-04-01T14·19-0400
committerglittershark <grfn@gws.fyi>2021-04-01T14·32+0000
commit892fcdc5ab37cde86b9407986ccbf4ee4f45eee4 (patch)
treefe5fdf25e0469852ac766b34960511c369a2ebdf /users/glittershark/system/system/machines/mugwump.nix
parenta5f2b446aa6e33b533cf9e16c325cf2360f69693 (diff)
feat(gs/mugwump): Set up ddclient r/2386
The way this loads the api key is a hack, but also... I don't care!

Change-Id: I4d417b1a824007620661188b60b21a1f73867dca
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2747
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Diffstat (limited to 'users/glittershark/system/system/machines/mugwump.nix')
-rw-r--r--users/glittershark/system/system/machines/mugwump.nix26
1 files changed, 26 insertions, 0 deletions
diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix
index 22d9e7cd06..12524ffeb9 100644
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@@ -114,6 +114,32 @@ with lib;
     };
   };
 
+  services.ddclient = {
+    enable = true;
+    domains = [ "home.gws.fyi" ];
+    interval = "1d";
+    zone = "gws.fyi";
+    protocol = "cloudflare";
+    username = "root@gws.fyi";
+    quiet = true;
+  };
+
+  systemd.services.ddclient.serviceConfig = {
+    EnvironmentFile = "/etc/secrets/cloudflare.env";
+    DynamicUser = lib.mkForce false;
+    ExecStart = lib.mkForce (
+      let runtimeDir =
+            config.systemd.services.ddclient.serviceConfig.RuntimeDirectory;
+      in pkgs.writeShellScript "ddclient" ''
+        set -eo pipefail
+
+        ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf
+        exec ${pkgs.ddclient}/bin/ddclient \
+          -file /run/${runtimeDir}/ddclient.conf \
+          -login=$CLOUDFLARE_EMAIL \
+      '');
+  };
+
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "namecheap";
     credentialsFile = "/etc/secrets/namecheap.env";
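Review bot: The `sed` line in the `ExecStart` wrapper expands `$CLOUDFLARE_API_KEY` unquoted into both the sed program and sed's argv, so a key containing `/`, `&` or whitespace corrupts the substitution, and the key is visible in the process list to other local users while sed runs. With `DynamicUser` forced off and no `User` set in this hunk, the wrapper presumably runs as root, which widens what a mistake here can touch. If the pinned nixpkgs has `services.ddclient.passwordFile`, pointing it at a root-only file under `/etc/secrets` would remove the need for the wrapper; otherwise at least quote the expression, e.g. `sed -i "s|^password=.*|password=$CLOUDFLARE_API_KEY|"`, and confirm the generated `ddclient.conf` is not world-readable. The trailing `\` after `-login=$CLOUDFLARE_EMAIL` continues into nothing and can be dropped, and that expansion should be quoted as well.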