about summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--third_party/ddclient/default.nix12
-rw-r--r--third_party/ddclient/module.nix230
-rw-r--r--third_party/ddclient/pkg.nix45
-rw-r--r--users/aspen/secrets/bbbg.agebin733 -> 598 bytes
-rw-r--r--users/aspen/secrets/buildkite-ssh-key.agebin3883 -> 3833 bytes
-rw-r--r--users/aspen/secrets/buildkite-token.agebin623 -> 483 bytes
-rw-r--r--users/aspen/secrets/cloudflare.agebin450 -> 409 bytes
-rw-r--r--users/aspen/secrets/ddclient-password.agebin429 -> 360 bytes
-rw-r--r--users/aspen/secrets/secrets.nix2
-rw-r--r--users/aspen/secrets/windtunnel-bot-github-token.age18
-rw-r--r--users/aspen/system/system/machines/mugwump.nix14
-rw-r--r--users/aspen/system/system/machines/ogopogo.nix24
12 files changed, 33 insertions, 312 deletions
diff --git a/third_party/ddclient/default.nix b/third_party/ddclient/default.nix
deleted file mode 100644
index 28b036ea66fc..000000000000
--- a/third_party/ddclient/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-# Users of this package & module should replace it with something like
-# inadyn, after https://github.com/NixOS/nixpkgs/issues/242330 is
-# landed.
-#
-# TODO(aspen): replace ddclient with inadyn or something else.
-{ pkgs, ... }:
-
-(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: {
-  passthru = old.passthru // {
-    module = ./module.nix;
-  };
-})
diff --git a/third_party/ddclient/module.nix b/third_party/ddclient/module.nix
deleted file mode 100644
index c8d68f9be932..000000000000
--- a/third_party/ddclient/module.nix
+++ /dev/null
@@ -1,230 +0,0 @@
-# SPDX-License-Identifier: MIT
-# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
-{ config, pkgs, lib, ... }:
-
-let
-  cfg = config.services.deprecated-ddclient;
-  boolToStr = bool: if bool then "yes" else "no";
-  dataDir = "/var/lib/ddclient";
-  StateDirectory = builtins.baseNameOf dataDir;
-  RuntimeDirectory = StateDirectory;
-
-  configFile' = pkgs.writeText "ddclient.conf" ''
-    # This file can be used as a template for configFile or is automatically generated by Nix options.
-    cache=${dataDir}/ddclient.cache
-    foreground=YES
-    use=${cfg.use}
-    login=${cfg.username}
-    password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
-    protocol=${cfg.protocol}
-    ${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
-    ${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
-    ${lib.optionalString (cfg.zone != "")   "zone=${cfg.zone}"}
-    ssl=${boolToStr cfg.ssl}
-    wildcard=YES
-    quiet=${boolToStr cfg.quiet}
-    verbose=${boolToStr cfg.verbose}
-    ${cfg.extraConfig}
-    ${lib.concatStringsSep "," cfg.domains}
-  '';
-  configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
-
-  preStart = ''
-    install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
-    ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
-      install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
-    '' else if (cfg.passwordFile != null) then ''
-      "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
-    '' else ''
-      sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
-    '')}
-  '';
-
-in
-
-with lib;
-
-{
-  ###### interface
-
-  options = {
-
-    services.deprecated-ddclient = with lib.types; {
-
-      enable = mkOption {
-        default = false;
-        type = bool;
-        description = lib.mdDoc ''
-          Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
-        '';
-      };
-
-      package = mkOption {
-        type = package;
-        default = pkgs.ddclient;
-        defaultText = lib.literalExpression "pkgs.ddclient";
-        description = lib.mdDoc ''
-          The ddclient executable package run by the service.
-        '';
-      };
-
-      domains = mkOption {
-        default = [ "" ];
-        type = listOf str;
-        description = lib.mdDoc ''
-          Domain name(s) to synchronize.
-        '';
-      };
-
-      username = mkOption {
-        # For `nsupdate` username contains the path to the nsupdate executable
-        default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
-        defaultText = "";
-        type = str;
-        description = lib.mdDoc ''
-          User name.
-        '';
-      };
-
-      passwordFile = mkOption {
-        default = null;
-        type = nullOr str;
-        description = lib.mdDoc ''
-          A file containing the password or a TSIG key in named format when using the nsupdate protocol.
-        '';
-      };
-
-      interval = mkOption {
-        default = "10min";
-        type = str;
-        description = lib.mdDoc ''
-          The interval at which to run the check and update.
-          See {command}`man 7 systemd.time` for the format.
-        '';
-      };
-
-      configFile = mkOption {
-        default = null;
-        type = nullOr path;
-        description = lib.mdDoc ''
-          Path to configuration file.
-          When set this overrides the generated configuration from module options.
-        '';
-        example = "/root/nixos/secrets/ddclient.conf";
-      };
-
-      protocol = mkOption {
-        default = "dyndns2";
-        type = str;
-        description = lib.mdDoc ''
-          Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
-        '';
-      };
-
-      server = mkOption {
-        default = "";
-        type = str;
-        description = lib.mdDoc ''
-          Server address.
-        '';
-      };
-
-      ssl = mkOption {
-        default = true;
-        type = bool;
-        description = lib.mdDoc ''
-          Whether to use SSL/TLS to connect to dynamic DNS provider.
-        '';
-      };
-
-      quiet = mkOption {
-        default = false;
-        type = bool;
-        description = lib.mdDoc ''
-          Print no messages for unnecessary updates.
-        '';
-      };
-
-      script = mkOption {
-        default = "";
-        type = str;
-        description = lib.mdDoc ''
-          script as required by some providers.
-        '';
-      };
-
-      use = mkOption {
-        default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
-        type = str;
-        description = lib.mdDoc ''
-          Method to determine the IP address to send to the dynamic DNS provider.
-        '';
-      };
-
-      verbose = mkOption {
-        default = false;
-        type = bool;
-        description = lib.mdDoc ''
-          Print verbose information.
-        '';
-      };
-
-      zone = mkOption {
-        default = "";
-        type = str;
-        description = lib.mdDoc ''
-          zone as required by some providers.
-        '';
-      };
-
-      extraConfig = mkOption {
-        default = "";
-        type = lines;
-        description = lib.mdDoc ''
-          Extra configuration. Contents will be added verbatim to the configuration file.
-          ::: {.note}
-          `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
-          :::
-        '';
-      };
-    };
-  };
-
-
-  ###### implementation
-
-  config = mkMerge [
-    (mkIf cfg.enable {
-      systemd.services.ddclient = {
-        description = "Dynamic DNS Client";
-        wantedBy = [ "multi-user.target" ];
-        after = [ "network.target" ];
-        restartTriggers = optional (cfg.configFile != null) cfg.configFile;
-        path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;
-
-        serviceConfig = {
-          DynamicUser = true;
-          RuntimeDirectoryMode = "0700";
-          inherit RuntimeDirectory;
-          inherit StateDirectory;
-          Type = "oneshot";
-          ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
-          ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
-        };
-      };
-
-      systemd.timers.ddclient = {
-        description = "Run ddclient";
-        wantedBy = [ "timers.target" ];
-        timerConfig = {
-          OnBootSec = cfg.interval;
-          OnUnitInactiveSec = cfg.interval;
-        };
-      };
-    })
-    {
-      ids.uids.ddclient = 30;
-      ids.gids.ddclient = 30;
-    }
-  ];
-}
diff --git a/third_party/ddclient/pkg.nix b/third_party/ddclient/pkg.nix
deleted file mode 100644
index 586f3891ac96..000000000000
--- a/third_party/ddclient/pkg.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-# SPDX-License-Identifier: MIT
-# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
-{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }:
-
-perlPackages.buildPerlPackage rec {
-  pname = "ddclient";
-  version = "3.10.0";
-
-  outputs = [ "out" ];
-
-  src = fetchFromGitHub {
-    owner = "ddclient";
-    repo = "ddclient";
-    rev = "v${version}";
-    sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E=";
-  };
-
-  postPatch = ''
-    touch Makefile.PL
-  '';
-
-  nativeBuildInputs = [ autoreconfHook ];
-
-  buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ];
-
-  installPhase = ''
-    runHook preInstall
-    # patch sheebang ddclient script which only exists after buildPhase
-    preConfigure
-    install -Dm755 ddclient $out/bin/ddclient
-    install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md
-    runHook postInstall
-  '';
-
-  # TODO: run upstream tests
-  doCheck = false;
-
-  meta = with lib; {
-    description = "Client for updating dynamic DNS service entries";
-    homepage = "https://ddclient.net/";
-    license = licenses.gpl2Plus;
-    platforms = platforms.linux;
-    maintainers = with maintainers; [ SuperSandro2000 ];
-  };
-}
diff --git a/users/aspen/secrets/bbbg.age b/users/aspen/secrets/bbbg.age
index ebc0df233898..d8294b047191 100644
--- a/users/aspen/secrets/bbbg.age
+++ b/users/aspen/secrets/bbbg.age
Binary files differdiff --git a/users/aspen/secrets/buildkite-ssh-key.age b/users/aspen/secrets/buildkite-ssh-key.age
index d9587f11df4b..062be3b9bd98 100644
--- a/users/aspen/secrets/buildkite-ssh-key.age
+++ b/users/aspen/secrets/buildkite-ssh-key.age
Binary files differdiff --git a/users/aspen/secrets/buildkite-token.age b/users/aspen/secrets/buildkite-token.age
index 320ee06c0937..f55b31fb08ed 100644
--- a/users/aspen/secrets/buildkite-token.age
+++ b/users/aspen/secrets/buildkite-token.age
Binary files differdiff --git a/users/aspen/secrets/cloudflare.age b/users/aspen/secrets/cloudflare.age
index 4f42ee782165..6b3974ec7ab6 100644
--- a/users/aspen/secrets/cloudflare.age
+++ b/users/aspen/secrets/cloudflare.age
Binary files differdiff --git a/users/aspen/secrets/ddclient-password.age b/users/aspen/secrets/ddclient-password.age
index 8d25e3b539bd..bc82063c3a28 100644
--- a/users/aspen/secrets/ddclient-password.age
+++ b/users/aspen/secrets/ddclient-password.age
Binary files differdiff --git a/users/aspen/secrets/secrets.nix b/users/aspen/secrets/secrets.nix
index 5bfb1c3eb08c..778b8ebd6e0a 100644
--- a/users/aspen/secrets/secrets.nix
+++ b/users/aspen/secrets/secrets.nix
@@ -8,7 +8,7 @@ in
 {
   "bbbg.age".publicKeys = [ grfn mugwump bbbg ];
   "cloudflare.age".publicKeys = [ grfn mugwump ];
-  "ddclient-password.age".publicKeys = [ grfn mugwump ];
+  "ddclient-password.age".publicKeys = [ grfn ogopogo ];
   "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
   "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
   "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];
diff --git a/users/aspen/secrets/windtunnel-bot-github-token.age b/users/aspen/secrets/windtunnel-bot-github-token.age
index daae99958276..84e852f4c1f1 100644
--- a/users/aspen/secrets/windtunnel-bot-github-token.age
+++ b/users/aspen/secrets/windtunnel-bot-github-token.age
@@ -1,11 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA
-VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8
--> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg
-mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs
--> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0
-d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ
--> "0?-grease k}d?h6 |v
-7mV6AFUdCMCrkmLVQaWJPQ
---- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8
-~v8&3\.%$ɺtQ͜},BEh
w96?U
\ No newline at end of file
+-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4
+mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA
+-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs
+u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo
+-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4
+X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0
+--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s
+Iʵu*1t(/X˕3ȒVGT|@K<})se9`*z
\ No newline at end of file
diff --git a/users/aspen/system/system/machines/mugwump.nix b/users/aspen/system/system/machines/mugwump.nix
index 4cfa11713495..1daa92f25f42 100644
--- a/users/aspen/system/system/machines/mugwump.nix
+++ b/users/aspen/system/system/machines/mugwump.nix
@@ -9,7 +9,6 @@ with lib;
     (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
     (depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
     (depot.third_party.agenix.src + "/modules/age.nix")
-    depot.third_party.ddclient.module
   ];
 
   networking.hostName = "mugwump";
@@ -83,7 +82,6 @@ with lib;
     in
     {
       cloudflare.file = secret "cloudflare";
-      ddclient-password.file = secret "ddclient-password";
 
       buildkite-ssh-key = {
         file = secret "buildkite-ssh-key";
@@ -164,18 +162,6 @@ with lib;
     };
   };
 
-  services.deprecated-ddclient = {
-    package = depot.third_party.ddclient;
-    enable = true;
-    domains = [ "home.gws.fyi" ];
-    interval = "1d";
-    zone = "gws.fyi";
-    protocol = "cloudflare";
-    username = "root@gws.fyi";
-    passwordFile = config.age.secretsDir + "/ddclient-password";
-    quiet = true;
-  };
-
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "cloudflare";
     credentialsFile = config.age.secretsDir + "/cloudflare";
diff --git a/users/aspen/system/system/machines/ogopogo.nix b/users/aspen/system/system/machines/ogopogo.nix
index 4b425246034d..4dbb3d14e6ce 100644
--- a/users/aspen/system/system/machines/ogopogo.nix
+++ b/users/aspen/system/system/machines/ogopogo.nix
@@ -96,4 +96,28 @@
       wal_level = "logical";
     };
   };
+
+  # ddclient
+  age.secrets =
+    let
+      secret = name: depot.users.aspen.secrets."${name}.age";
+    in
+    {
+      ddclient-password.file = secret "ddclient-password";
+    };
+
+  services.ddclient = {
+    enable = true;
+    domains = [ "home.gws.fyi" ];
+    interval = "1d";
+    zone = "gws.fyi";
+    protocol = "cloudflare";
+    username = "root@gws.fyi";
+    passwordFile = config.age.secretsDir + "/ddclient-password";
+    quiet = true;
+  }
+  # TODO(aspen): Remove when upgrading past 4.0.0
+  // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
+    ssl = false;
+  };
 }