-rw-r--r-- | third_party/ddclient/default.nix | 7 | ||||
-rw-r--r-- | third_party/ddclient/module.nix | 230 | ||||
-rw-r--r-- | third_party/ddclient/pkg.nix | 45 | ||||
-rw-r--r-- | third_party/overlays/tvl.nix | 14 | ||||
-rw-r--r-- | third_party/sources/sources.json | 54 | ||||
-rw-r--r-- | tools/magrathea/default.nix | 2 | ||||
-rw-r--r-- | users/grfn/system/system/machines/mugwump.nix | 4 |
7 files changed, 324 insertions, 32 deletions
diff --git a/third_party/ddclient/default.nix b/third_party/ddclient/default.nix
new file mode 100644
index 000000000000..a3fcd639af84
--- /dev/null
+++ b/third_party/ddclient/default.nix
@@ -0,0 +1,7 @@
+{ pkgs, ... }:
+
+(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: {
+ passthru = old.passthru // {
+ module = ./module.nix;
+ };
+})
diff --git a/third_party/ddclient/module.nix b/third_party/ddclient/module.nix
new file mode 100644
index 000000000000..c8d68f9be932
--- /dev/null
+++ b/third_party/ddclient/module.nix
@@ -0,0 +1,230 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
+{ config, pkgs, lib, ... }:
+
+let
+ cfg = config.services.deprecated-ddclient;
+ boolToStr = bool: if bool then "yes" else "no";
+ dataDir = "/var/lib/ddclient";
+ StateDirectory = builtins.baseNameOf dataDir;
+ RuntimeDirectory = StateDirectory;
+
+ configFile' = pkgs.writeText "ddclient.conf" ''
+ # This file can be used as a template for configFile or is automatically generated by Nix options.
+ cache=${dataDir}/ddclient.cache
+ foreground=YES
+ use=${cfg.use}
+ login=${cfg.username}
+ password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
+ protocol=${cfg.protocol}
+ ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
+ ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
+ ${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
+ ssl=${boolToStr cfg.ssl}
+ wildcard=YES
+ quiet=${boolToStr cfg.quiet}
+ verbose=${boolToStr cfg.verbose}
+ ${cfg.extraConfig}
+ ${lib.concatStringsSep "," cfg.domains}
+ '';
+ configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
+
+ preStart = ''
+ install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
+ ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
+ install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
+ '' else if (cfg.passwordFile != null) then ''
+ "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
+ '' else ''
+ sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
+ '')}
+ '';
+
+in
+
+with lib;
+
+{
+ ###### interface
+
+ options = {
+
+ services.deprecated-ddclient = with lib.types; {
+
+ enable = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
+ '';
+ };
+
+ package = mkOption {
+ type = package;
+ default = pkgs.ddclient;
+ defaultText = lib.literalExpression "pkgs.ddclient";
+ description = lib.mdDoc ''
+ The ddclient executable package run by the service.
+ '';
+ };
+
+ domains = mkOption {
+ default = [ "" ];
+ type = listOf str;
+ description = lib.mdDoc ''
+ Domain name(s) to synchronize.
+ '';
+ };
+
+ username = mkOption {
+ # For `nsupdate` username contains the path to the nsupdate executable
+ default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
+ defaultText = "";
+ type = str;
+ description = lib.mdDoc ''
+ User name.
+ '';
+ };
+
+ passwordFile = mkOption {
+ default = null;
+ type = nullOr str;
+ description = lib.mdDoc ''
+ A file containing the password or a TSIG key in named format when using the nsupdate protocol.
+ '';
+ };
+
+ interval = mkOption {
+ default = "10min";
+ type = str;
+ description = lib.mdDoc ''
+ The interval at which to run the check and update.
+ See {command}`man 7 systemd.time` for the format.
+ '';
+ };
+
+ configFile = mkOption {
+ default = null;
+ type = nullOr path;
+ description = lib.mdDoc ''
+ Path to configuration file.
+ When set this overrides the generated configuration from module options.
+ '';
+ example = "/root/nixos/secrets/ddclient.conf";
+ };
+
+ protocol = mkOption {
+ default = "dyndns2";
+ type = str;
+ description = lib.mdDoc ''
+ Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
+ '';
+ };
+
+ server = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ Server address.
+ '';
+ };
+
+ ssl = mkOption {
+ default = true;
+ type = bool;
+ description = lib.mdDoc ''
+ Whether to use SSL/TLS to connect to dynamic DNS provider.
+ '';
+ };
+
+ quiet = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Print no messages for unnecessary updates.
+ '';
+ };
+
+ script = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ script as required by some providers.
+ '';
+ };
+
+ use = mkOption {
+ default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
+ type = str;
+ description = lib.mdDoc ''
+ Method to determine the IP address to send to the dynamic DNS provider.
+ '';
+ };
+
+ verbose = mkOption {
+ default = false;
+ type = bool;
+ description = lib.mdDoc ''
+ Print verbose information.
+ '';
+ };
+
+ zone = mkOption {
+ default = "";
+ type = str;
+ description = lib.mdDoc ''
+ zone as required by some providers.
+ '';
+ };
+
+ extraConfig = mkOption {
+ default = "";
+ type = lines;
+ description = lib.mdDoc ''
+ Extra configuration. Contents will be added verbatim to the configuration file.
+ ::: {.note}
+ `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
+ :::
+ '';
+ };
+ };
+ };
+
+
+ ###### implementation
+
+ config = mkMerge [
+ (mkIf cfg.enable {
+ systemd.services.ddclient = {
+ description = "Dynamic DNS Client";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ restartTriggers = optional (cfg.configFile != null) cfg.configFile;
+ path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;
+
+ serviceConfig = {
+ DynamicUser = true;
+ RuntimeDirectoryMode = "0700";
+ inherit RuntimeDirectory;
+ inherit StateDirectory;
+ Type = "oneshot";
+ ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
+ ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
+ };
+ };
+
+ systemd.timers.ddclient = {
+ description = "Run ddclient";
+ wantedBy = [ "timers.target" ];
+ timerConfig = {
+ OnBootSec = cfg.interval;
+ OnUnitInactiveSec = cfg.interval;
+ };
+ };
+ })
+ {
+ ids.uids.ddclient = 30;
+ ids.gids.ddclient = 30;
+ }
+ ];
+}
diff --git a/third_party/ddclient/pkg.nix b/third_party/ddclient/pkg.nix
new file mode 100644
index 000000000000..586f3891ac96
--- /dev/null
+++ b/third_party/ddclient/pkg.nix
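Review bot: The `configFile` option in module.nix is typed `nullOr path` and is interpolated into `preStart` (`install --mode=600 --owner=$USER ${configFile} ...`) and into `restartTriggers`, so a value given as a Nix path literal would be copied into the Nix store, which every local user can read, along with whatever password the file holds. `passwordFile` avoids this by being `nullOr str`; I would either use the same type here or extend the description with `The file is used as-is and normally contains the password; pass it as a string naming a path outside the Nix store.` Separately, with `protocol = "nsupdate"` and `passwordFile` left at `null`, the `${cfg.passwordFile}` interpolation in `preStart` has no null guard and would presumably fail at evaluation with an unhelpful message; an `assertions` entry would state the requirement explicitly.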
@@ -0,0 +1,45 @@
+# SPDX-License-Identifier: MIT
+# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
+{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }:
+
+perlPackages.buildPerlPackage rec {
+ pname = "ddclient";
+ version = "3.10.0";
+
+ outputs = [ "out" ];
+
+ src = fetchFromGitHub {
+ owner = "ddclient";
+ repo = "ddclient";
+ rev = "v${version}";
+ sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E=";
+ };
+
+ postPatch = ''
+ touch Makefile.PL
+ '';
+
+ nativeBuildInputs = [ autoreconfHook ];
+
+ buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ];
+
+ installPhase = ''
+ runHook preInstall
+ # patch sheebang ddclient script which only exists after buildPhase
+ preConfigure
+ install -Dm755 ddclient $out/bin/ddclient
+ install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md
+ runHook postInstall
+ '';
+
+ # TODO: run upstream tests
+ doCheck = false;
+
+ meta = with lib; {
+ description = "Client for updating dynamic DNS service entries";
+ homepage = "https://ddclient.net/";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ SuperSandro2000 ];
+ };
+}
diff --git a/third_party/overlays/tvl.nix b/third_party/overlays/tvl.nix
index c68ec8f26292..2a99e66c7403 100644
--- a/third_party/overlays/tvl.nix
+++ b/third_party/overlays/tvl.nix
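Review bot: pkg.nix freezes ddclient at `version = "3.10.0"` with `doCheck = false`, and as a copy under third_party/ it presumably no longer follows nixpkgs, so upstream security fixes will only arrive if someone bumps `version` and `sha256` by hand. A header comment saying why the package is carried here and when it can be dropped would make that ownership visible, e.g. `# Vendored from nixpkgs because <reason>; remove once <condition>.` The comment inside `installPhase` also has a typo (`sheebang` should be `shebang`) and would read better as `# run preConfigure here for its shebang patching: the ddclient script only exists after buildPhase`.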
@@ -39,14 +39,22 @@ depot.nix.readTree.drvTargets { nix = self.nix_2_3; nix_latest = super.nix; + # nixos-option now unfortunately depends on (at the time of writing) Nix 2.15 + # instead of Nix 2.3 as before. The intention seems to be to keep it in sync + # with the latest Nix and it uses unstable interfaces of Nix (the libraries). + # TODO(sterni): can we link it statically and avoid a second Nix store path? + nixos-option = super.nixos-option.override { + nix = self.nix_latest; + }; + # Too match telega in emacs-overlay or wherever tdlib = super.tdlib.overrideAttrs (_: { - version = "1.8.14"; + version = "1.8.15"; src = self.fetchFromGitHub { owner = "tdlib"; repo = "td"; - rev = "e8ee1c51498c060c6f9b8511bf25a6c025e72adf"; - sha256 = "0vm5j5kzvzf5gdmg2rg6hw3dyzn9dy0l256asyjipbnhk9302s0n"; + rev = "64264b0f775a027fa9e0bf72051a8b2a5a2df071"; + sha256 = "1qs8pizap7glm98kjjliph1s7dn4fffwvs5ml8nv9d55dispjc4f"; }; }); diff --git a/third_party/sources/sources.json b/third_party/sources/sources.json index d32fea592f42..7f067347c824 100644 --- a/third_party/sources/sources.json +++ b/third_party/sources/sources.json @@ -5,10 +5,10 @@ "homepage": "https://matrix.to/#/#agenix:nixos.org", "owner": "ryantm", "repo": "agenix", - "rev": "db5637d10f797bb251b94ef9040b237f4702cde3", - "sha256": "07f60gvrc2ianxa3s4lzjmlpps1vbi8scjiyz45813dbgavxcmix", + "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "sha256": "01id7i7gw3r56b2p95411sbmbmmsarpzamig4h8rxbi4bljvnxzm", "type": "tarball", - "url": "https://github.com/ryantm/agenix/archive/db5637d10f797bb251b94ef9040b237f4702cde3.tar.gz", + "url": "https://github.com/ryantm/agenix/archive/d8c973fd228949736dedf61b7f8cc1ece3236792.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "emacs-overlay": { 
@@ -17,10 +17,10 @@ "homepage": "", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "44bffe245cd8ce2281cf0a60021a4dccb6e78148", - "sha256": "01baiqh073jwb0wapcm30ykcrf45j5iwr7b3ccqpndwr5bky44ga", + "rev": "712480410743739b4739652245a1fae4cf9ec38d", + "sha256": "133kvfdnl8k4jgvh6yr4rklf4na3zdcclr52si3hzfbza3p199ri", "type": "tarball", - "url": "https://github.com/nix-community/emacs-overlay/archive/44bffe245cd8ce2281cf0a60021a4dccb6e78148.tar.gz", + "url": "https://github.com/nix-community/emacs-overlay/archive/712480410743739b4739652245a1fae4cf9ec38d.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "home-manager": { @@ -29,10 +29,10 @@ "homepage": "https://nix-community.github.io/home-manager/", "owner": "nix-community", "repo": "home-manager", - "rev": "2f78e6fcba61ce81536d19e6c662e55ab272d539", - "sha256": "0dfnqf3ij1rb807vmambdmskawpnlcn9alqzp2hkmxj1ydvrsnbj", + "rev": "86dd48d70a2e2c17e84e747ba4faa92453e68d4a", + "sha256": "18rvn4m3p6xk72yc3cndskviyy0dnh07nylfcgslfzgga8kmkww8", "type": "tarball", - "url": "https://github.com/nix-community/home-manager/archive/2f78e6fcba61ce81536d19e6c662e55ab272d539.tar.gz", + "url": "https://github.com/nix-community/home-manager/archive/86dd48d70a2e2c17e84e747ba4faa92453e68d4a.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "impermanence": { 
@@ -41,10 +41,10 @@ "homepage": "", "owner": "nix-community", "repo": "impermanence", - "rev": "89253fb1518063556edd5e54509c30ac3089d5e6", - "sha256": "095q3c1kyj7lpnn1i53c0158jh02avsm6xmkvql045xppkxfnk1b", + "rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851", + "sha256": "1kypb376fyxqb1nn65j579nm5cl5cyrhghcbf2ajgpdpszbv728q", "type": "tarball", - "url": "https://github.com/nix-community/impermanence/archive/89253fb1518063556edd5e54509c30ac3089d5e6.tar.gz", + "url": "https://github.com/nix-community/impermanence/archive/e3a7acd113903269a1b5c8b527e84ce7ee859851.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "naersk": { @@ -53,10 +53,10 @@ "homepage": "", "owner": "nmattia", "repo": "naersk", - "rev": "abca1fb7a6cfdd355231fc220c3d0302dbb4369a", - "sha256": "1f2vy2kpc6xbajjgxksrwdwz0xz4ax7iwznc9q8cfpm8r2z3kcpx", + "rev": "d9a33d69a9c421d64c8d925428864e93be895dcc", + "sha256": "1lhz5haibfnbxwir61mhymxfqfgs2q1nb4rk88va8bpv6j2zlpbv", "type": "tarball", - "url": "https://github.com/nmattia/naersk/archive/abca1fb7a6cfdd355231fc220c3d0302dbb4369a.tar.gz", + "url": "https://github.com/nmattia/naersk/archive/d9a33d69a9c421d64c8d925428864e93be895dcc.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "napalm": { @@ -77,10 +77,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "78419edadf0fabbe5618643bd850b2f2198ed060", - "sha256": "10xp417avlhl3gp9h3a7pj12w5g88wmizlz9bjjr7k15is4ihdkn", + "rev": "66aedfd010204949cb225cf749be08cb13ce1813", + "sha256": "1jspq3g1wzdfgmnp4wzzrwh2cfn9q2w86b25bgwr7ygdcdap3fqd", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/78419edadf0fabbe5618643bd850b2f2198ed060.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/66aedfd010204949cb225cf749be08cb13ce1813.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "nixpkgs-stable": { 
@@ -89,10 +89,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c7a18f89ef1dc423f57f3de9bd5d9355550a5d15", - "sha256": "1ggpzw4q52sh4sxmvdvz7q34n7nmdk2nc3ciaipw8zm05mh78dzp", + "rev": "bd836ac5e5a7358dea73cb74a013ca32864ccb86", + "sha256": "1xcg07nmzz74s99ln079rqzlxyiv2gzzz9g71h5337jf4il0560g", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/c7a18f89ef1dc423f57f3de9bd5d9355550a5d15.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/bd836ac5e5a7358dea73cb74a013ca32864ccb86.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "rust-overlay": { @@ -101,10 +101,10 @@ "homepage": "", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ab050286f18ea354bfe7a49ca8ddcbd633cae1ca", - "sha256": "153mczhjwp445g0y1lz5fldbanfnwny93xvb7m5b53cafalswmhh", + "rev": "99df4908445be37ddb2d332580365fce512a7dcf", + "sha256": "10v54n7ih64y9bc8pb58mhpk02w6gxjw7wmyk35pv00ksq9mw1a3", "type": "tarball", - "url": "https://github.com/oxalica/rust-overlay/archive/ab050286f18ea354bfe7a49ca8ddcbd633cae1ca.tar.gz", + "url": "https://github.com/oxalica/rust-overlay/archive/99df4908445be37ddb2d332580365fce512a7dcf.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "rustsec-advisory-db": { @@ -113,10 +113,10 @@ "homepage": "https://rustsec.org", "owner": "RustSec", "repo": "advisory-db", - "rev": "1f538e6f3b8ad37e89b1386e06be080fbe474b3c", - "sha256": "08yms64b4qfn60aa9ylay2fc06z5pwzr5p7l9g1zafjk4iclk297", + "rev": "98e8483ac17d42eeeeee51d4d02ad8a690bd12c7", + "sha256": "0c973phllqrjrfqbvccmnfyf9b0331s91p1g5cqpd8cvwx9dk86i", "type": "tarball", - "url": "https://github.com/RustSec/advisory-db/archive/1f538e6f3b8ad37e89b1386e06be080fbe474b3c.tar.gz", + "url": "https://github.com/RustSec/advisory-db/archive/98e8483ac17d42eeeeee51d4d02ad8a690bd12c7.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" } } 
diff --git a/tools/magrathea/default.nix b/tools/magrathea/default.nix index fa0a5d89a172..1d6dacf67c48 100644 --- a/tools/magrathea/default.nix +++ b/tools/magrathea/default.nix @@ -18,6 +18,6 @@ pkgs.stdenv.mkDerivation { buildPhase = '' mkdir -p $out/bin - csc -o $out/bin/mg -static ${./mg.scm} + csc -o $out/bin/mg -host -static ${./mg.scm} ''; } diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix index 3cb520b1a3c4..208cc32648e3 100644 --- a/users/grfn/system/system/machines/mugwump.nix +++ b/users/grfn/system/system/machines/mugwump.nix @@ -9,6 +9,7 @@ with lib; (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix") (depot.path.origSrc + "/users/grfn/xanthous/server/module.nix") (depot.third_party.agenix.src + "/modules/age.nix") + depot.third_party.ddclient.module ]; networking.hostName = "mugwump"; @@ -153,7 +154,8 @@ with lib; }; }; - services.ddclient = { + services.deprecated-ddclient = { + package = depot.third_party.ddclient; enable = true; domains = [ "home.gws.fyi" ]; interval = "1d"; |