From bf4f1a43e5d722baa6c43d8eedf96f5e8ba5a12b Mon Sep 17 00:00:00 2001
From: Aspen Smith
Date: Sat, 21 Sep 2024 11:37:43 -0400
Subject: feat(aspen/system): Reinstate ddclient, migrate to ogopogo

ddclient is back in nixpkgs and nixos[0], so let's just use that, and remove the backported package from third_party.
[0] https://github.com/NixOS/nixpkgs/commit/8a8ec36615daecf2705cab80c3a926a0590eefff
Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500
Tested-by: BuildkiteCI
Reviewed-by: aspen
Autosubmit: aspen
---
users/aspen/secrets/bbbg.age | Bin 733 -> 598 bytes
users/aspen/secrets/buildkite-ssh-key.age | Bin 3883 -> 3833 bytes
users/aspen/secrets/buildkite-token.age | Bin 623 -> 483 bytes
users/aspen/secrets/cloudflare.age | Bin 450 -> 409 bytes
users/aspen/secrets/ddclient-password.age | Bin 429 -> 360 bytes
users/aspen/secrets/secrets.nix | 2 +-
.../aspen/secrets/windtunnel-bot-github-token.age | 18 +++++++---------
users/aspen/system/system/machines/mugwump.nix | 14 ------------
users/aspen/system/system/machines/ogopogo.nix | 24 +++++++++++++++++++++
9 files changed, 33 insertions(+), 25 deletions(-)
(limited to 'users/aspen')
diff --git a/users/aspen/secrets/bbbg.age b/users/aspen/secrets/bbbg.age
index ebc0df233898..d8294b047191 100644
Binary files a/users/aspen/secrets/bbbg.age and b/users/aspen/secrets/bbbg.age differ
diff --git a/users/aspen/secrets/buildkite-ssh-key.age b/users/aspen/secrets/buildkite-ssh-key.age
index d9587f11df4b..062be3b9bd98 100644
Binary files a/users/aspen/secrets/buildkite-ssh-key.age and b/users/aspen/secrets/buildkite-ssh-key.age differ
diff --git a/users/aspen/secrets/buildkite-token.age b/users/aspen/secrets/buildkite-token.age
index 320ee06c0937..f55b31fb08ed 100644
Binary files a/users/aspen/secrets/buildkite-token.age and b/users/aspen/secrets/buildkite-token.age differ
diff --git a/users/aspen/secrets/cloudflare.age b/users/aspen/secrets/cloudflare.age
index 4f42ee782165..6b3974ec7ab6 100644
Binary files a/users/aspen/secrets/cloudflare.age and b/users/aspen/secrets/cloudflare.age differ
diff --git a/users/aspen/secrets/ddclient-password.age b/users/aspen/secrets/ddclient-password.age
index 8d25e3b539bd..bc82063c3a28 100644
Binary files a/users/aspen/secrets/ddclient-password.age and b/users/aspen/secrets/ddclient-password.age differ
diff --git a/users/aspen/secrets/secrets.nix b/users/aspen/secrets/secrets.nix
index 5bfb1c3eb08c..778b8ebd6e0a 100644
--- a/users/aspen/secrets/secrets.nix
+++ b/users/aspen/secrets/secrets.nix
@@ -8,7 +8,7 @@ in
 {
  "bbbg.age".publicKeys = [ grfn mugwump bbbg ];
  "cloudflare.age".publicKeys = [ grfn mugwump ];
- "ddclient-password.age".publicKeys = [ grfn mugwump ];
+ "ddclient-password.age".publicKeys = [ grfn ogopogo ];
  "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
  "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
  "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];
diff --git a/users/aspen/secrets/windtunnel-bot-github-token.age b/users/aspen/secrets/windtunnel-bot-github-token.age
index daae99958276..84e852f4c1f1 100644
--- a/users/aspen/secrets/windtunnel-bot-github-token.age
+++ b/users/aspen/secrets/windtunnel-bot-github-token.age
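Review bot: In `users/aspen/secrets/secrets.nix`, replacing `mugwump` with `ogopogo` in the `"ddclient-password.age".publicKeys` list only controls who can decrypt the file as re-encrypted by this commit. The earlier ciphertext, which lists mugwump's key as a recipient, remains in the repository history. If the migration is also meant to take this credential away from mugwump, the secret value itself has to be rotated before re-encrypting; nothing visible in the hunk shows whether that was done. Once it is settled, a one-line comment above the entry such as `# moved from mugwump to ogopogo; rotate the value when dropping a recipient` would record the expectation for the next rekey. The attribute set this entry belongs to starts above the hunk.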
@@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA -VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8 --> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg -mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs --> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0 -d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ --> "0?-grease k}d?h6 |v -7mV6AFUdCMCrkmLVQaWJPQ ---- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8 -~v8&3\.%$ɺtQ͜},BEh w96?U \ No newline at end of file +-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4 +mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA +-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs +u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo +-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4 +X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0 +--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s +Iʵu*1t(/X˕3ȒVGT|@K<})se9`*z \ No newline at end of file diff --git a/users/aspen/system/system/machines/mugwump.nix b/users/aspen/system/system/machines/mugwump.nix index 4cfa11713495..1daa92f25f42 100644 --- a/users/aspen/system/system/machines/mugwump.nix +++ b/users/aspen/system/system/machines/mugwump.nix @@ -9,7 +9,6 @@ with lib; (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix") (depot.path.origSrc + "/users/aspen/xanthous/server/module.nix") (depot.third_party.agenix.src + "/modules/age.nix") - depot.third_party.ddclient.module ]; networking.hostName = "mugwump"; @@ -83,7 +82,6 @@ with lib; in { cloudflare.file = secret "cloudflare"; - ddclient-password.file = secret "ddclient-password"; buildkite-ssh-key = { file = secret "buildkite-ssh-key"; 
@@ -164,18 +162,6 @@ with lib; }; }; - services.deprecated-ddclient = { - package = depot.third_party.ddclient; - enable = true; - domains = [ "home.gws.fyi" ]; - interval = "1d"; - zone = "gws.fyi"; - protocol = "cloudflare"; - username = "root@gws.fyi"; - passwordFile = config.age.secretsDir + "/ddclient-password"; - quiet = true; - }; - security.acme.certs."metrics.gws.fyi" = { dnsProvider = "cloudflare"; credentialsFile = config.age.secretsDir + "/cloudflare"; diff --git a/users/aspen/system/system/machines/ogopogo.nix b/users/aspen/system/system/machines/ogopogo.nix index 4b425246034d..4dbb3d14e6ce 100644 --- a/users/aspen/system/system/machines/ogopogo.nix +++ b/users/aspen/system/system/machines/ogopogo.nix @@ -96,4 +96,28 @@ wal_level = "logical"; }; }; + + # ddclient + age.secrets = + let + secret = name: depot.users.aspen.secrets."${name}.age"; + in + { + ddclient-password.file = secret "ddclient-password"; + }; + + services.ddclient = { + enable = true; + domains = [ "home.gws.fyi" ]; + interval = "1d"; + zone = "gws.fyi"; + protocol = "cloudflare"; + username = "root@gws.fyi"; + passwordFile = config.age.secretsDir + "/ddclient-password"; + quiet = true; + } + # TODO(aspen): Remove when upgrading past 4.0.0 + // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") { + ssl = false; + }; } -- cgit 1.4.1
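Review bot: The `ssl = false;` override merged into `services.ddclient` in `ogopogo.nix` switches off TLS for ddclient on builds older than 4.0.0, in the same block where `passwordFile` supplies the Cloudflare credential, and the TODO above it does not say why. If the option governs the update request as well as IP detection (not determinable from the hunk), the credential and the DNS update would leave the host unprotected for as long as the pinned package stays below 4.0.0. It is worth confirming which connections the setting affects and extending the comment to record it, e.g. `# ssl disabled to work around <upstream issue link>; affects <which connections>; remove when upgrading past 4.0.0`. The enclosing module attribute set begins outside the hunk, so the scope of `lib` and `pkgs` cannot be checked from here.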