From 892fcdc5ab37cde86b9407986ccbf4ee4f45eee4 Mon Sep 17 00:00:00 2001 From: Griffin Smith Date: Thu, 1 Apr 2021 10:19:52 -0400 Subject: feat(gs/mugwump): Set up ddclient The way this loads the api key is a hack, but also... I don't care! Change-Id: I4d417b1a824007620661188b60b21a1f73867dca Reviewed-on: https://cl.tvl.fyi/c/depot/+/2747 Reviewed-by: glittershark Tested-by: BuildkiteCI --- .../system/system/machines/mugwump.nix | 26 ++++++++++++++++++++++ 1 file changed, 26 insertions(+) (limited to 'users/glittershark') diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix index 22d9e7cd06bd..12524ffeb93f 100644 --- a/users/glittershark/system/system/machines/mugwump.nix +++ b/users/glittershark/system/system/machines/mugwump.nix @@ -114,6 +114,32 @@ with lib; }; }; + services.ddclient = { + enable = true; + domains = [ "home.gws.fyi" ]; + interval = "1d"; + zone = "gws.fyi"; + protocol = "cloudflare"; + username = "root@gws.fyi"; + quiet = true; + }; + + systemd.services.ddclient.serviceConfig = { + EnvironmentFile = "/etc/secrets/cloudflare.env"; + DynamicUser = lib.mkForce false; + ExecStart = lib.mkForce ( + let runtimeDir = + config.systemd.services.ddclient.serviceConfig.RuntimeDirectory; + in pkgs.writeShellScript "ddclient" '' + set -eo pipefail + + ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf + exec ${pkgs.ddclient}/bin/ddclient \ + -file /run/${runtimeDir}/ddclient.conf \ + -login=$CLOUDFLARE_EMAIL \ + ''); + }; + security.acme.certs."metrics.gws.fyi" = { dnsProvider = "namecheap"; credentialsFile = "/etc/secrets/namecheap.env"; -- cgit 1.4.1