From 522dd0ffcb9d584ebb64249c590bd1ba996b63b4 Mon Sep 17 00:00:00 2001 From: Danilo Reyes Date: Fri, 5 Jul 2024 13:34:06 -0600 Subject: [PATCH] added cloudflare-dyndns to update-dns --- modules/scripts/update-dns.nix | 19 +++++++++++++++---- modules/servers.nix | 5 +++++ secrets/env.yaml | 5 +++-- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/modules/scripts/update-dns.nix b/modules/scripts/update-dns.nix index 7ce2657..cf7f0ad 100644 --- a/modules/scripts/update-dns.nix +++ b/modules/scripts/update-dns.nix @@ -1,10 +1,21 @@ { config, pkgs, lib, ... }: { imports = [ ./base.nix ]; config = { - sops.secrets.dns = { - sopsFile = ../../secrets/env.yaml; - owner = config.users.users.jawz.name; - inherit (config.users.users.jawz) group; + sops.secrets = { + cloudflare-api.sopsFile = ../../secrets/env.yaml; + dns = { + sopsFile = ../../secrets/env.yaml; + owner = config.users.users.jawz.name; + inherit (config.users.users.jawz) group; + }; + }; + services.cloudflare-dyndns = { + enable = true; + ipv4 = true; + ipv6 = false; + proxied = true; + domains = [ config.my.domainSecret ]; + apiTokenFile = config.sops.secrets.cloudflare-api.path; }; my.scripts.update-dns = { enable = lib.mkDefault false; diff --git a/modules/servers.nix b/modules/servers.nix index 6f769e9..158d8ab 100644 --- a/modules/servers.nix +++ b/modules/servers.nix @@ -81,6 +81,11 @@ in { default = "servidos.lat"; description = "The domain name."; }; + domainSecret = lib.mkOption { + type = lib.types.str; + default = "wedsgk5ac2qcaf9yb.click"; + description = "The domain name."; + }; miniserver-ip = lib.mkOption { type = lib.types.str; default = "192.168.1.100"; diff --git a/secrets/env.yaml b/secrets/env.yaml index 8fd4689..ee02e0c 100644 --- a/secrets/env.yaml +++ b/secrets/env.yaml @@ -6,6 +6,7 @@ maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8b multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str] vaultwarden: ENC[AES256_GCM,data:BH+G8FmYylTbOhzZy6T+sW0q2myJC2zpd/SrtG5WC7N5fmV++X4h+6/tU5dFv4owIOLm/13oGrkT/KOWkF2wwQ7qeQQ8bsyloEigNBMW6d7/ihXZtdtYid1HQrvc6U+Sjl8CPjInHz5j9fy5ouMrmDCGVIYdNrDzFW8AYn7KFLIa3c7oCWMTBCOeGS5rD55GSwy5y4AvBx7Hj9xnZmGG2cnzt5CR9hr/fnZhBTcPxquUZw==,iv:CxDdtWC7zKJZ/Ikq5fV33AT6MYx+pbAGI0Cy6I1fcyo=,tag:q8w4maD3vXTdxCLZ7qbCjg==,type:str] dns: ENC[AES256_GCM,data:eQACe2GRS0ZHyszFkZDG1CeJJZDe/0eXNnurujdv5VR5QQJjYRAQuJVzC3XgelXoWeIQdtW4IfpXTv7xaGuhEzPgsPm4hAdEKosNs6h0ZGg8FG73NSdMWw==,iv:n3i4Ll24+a82aKiRIJgMWLko1B2Lk7bLnpmUevBoHGA=,tag:bnZzVfRUSpZFvF2T6pMtsQ==,type:str] +cloudflare-api: ENC[AES256_GCM,data:LDlxI/jJ0iRf4aVzsVDXfUFgidMsCtUmW24fcLTYyEiu82PG1p4Q3jt6xL/yUKHSXpNpDhfnuBx+iwT9Myo=,iv:mMdjsfev3yHnk99nPVWeTyR0CfVXTzVDFziDfnq4Ldw=,tag:pCLcNwprdtHLsSUcZOCHVw==,type:str] sops: kms: [] gcp_kms: [] @@ -48,8 +49,8 @@ sops: QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-30T03:07:22Z" - mac: ENC[AES256_GCM,data:4JoKuuiLZMk0zRTBPEwTWJnKJ2Vc1u4VVMUULnvAXx3WKt01OIBJE+Ivoy9d41WGCv+eLweLLkWScMOeBkkB8Yq64nrCWzQqrgkpLXaFH6Unn91Flb+zZt8kGxe8uMn+3LhpVR4b6VF2w7cW3NDvmcmqYpEmkAxlJKLDuiX33VE=,iv:ZmY2uXHR1N+zwdKTE8DjNQMzOx+hpJpXQVTK2je8QCg=,tag:smURl3iNFDvf0RB7X809/A==,type:str] + lastmodified: "2024-07-05T19:17:53Z" + mac: ENC[AES256_GCM,data:vdIXGAUjuEc0W77Gzn+Aqv8HAepvXco+25OsiILhBA7sQwdOc+OSoFYy9jVjPnpJ8nWUL0Cm8ZnTbmg1+m7L9nWroenVaf6p/BkNLB+UvOc1gwMkEfik698rQr31urPWReDk5TKmg5h2yyGLVL09AUFcJpkKkjyCttelFCzbyKE=,iv:41wHWRpzDOTtff5HvWF8UehF5CvXLA8+zl38pBr9PBU=,tag:vP60YEpnTQY4Eb1hOyeU8A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1