From 9848494ca6cc946724a725bbb961ea0b94d4a072 Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Sat, 29 Jun 2024 21:10:49 -0600
Subject: [PATCH] updated dns script + migrated secrets to sops
---
 modules/scripts/update-dns.nix | 34 ++++++++++++++++++++++++----------
 secrets/env.yaml | 5 +++--
 2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/modules/scripts/update-dns.nix b/modules/scripts/update-dns.nix
index 2434f72..7ce2657 100644
--- a/modules/scripts/update-dns.nix
+++ b/modules/scripts/update-dns.nix
@@ -1,13 +1,27 @@
-{ pkgs, lib, ... }: {
+{ config, pkgs, lib, ... }: {
 imports = [ ./base.nix ];
- config.my.scripts.update-dns = {
- enable = lib.mkDefault false;
- install = true;
- service = true;
- name = "update-dns";
- timer = "*:0/30";
- description = "Updates the IP of all my domains";
- package = pkgs.writeScriptBin "update-dns"
- (builtins.readFile ../../scripts/update-dns.sh);
+ config = {
+ sops.secrets.dns = {
+ sopsFile = ../../secrets/env.yaml;
+ owner = config.users.users.jawz.name;
+ inherit (config.users.users.jawz) group;
+ };
+ my.scripts.update-dns = {
+ enable = lib.mkDefault false;
+ install = true;
+ service = true;
+ name = "update-dns";
+ timer = "*:0/30";
+ description = "Updates the IP of all my domains";
+ package = let
+ update-dns = pkgs.writeScriptBin "update-dns"
+ (builtins.readFile ../../scripts/update-dns.sh);
+ in pkgs.writeScriptBin "update-dns" ''
+ set -a &&
+ source ${config.sops.secrets.dns.path} &&
+ set -a &&
+ ${update-dns}/bin/update-dns;
+ '';
+ };
 };
 }
diff --git a/secrets/env.yaml b/secrets/env.yaml
index 32968c9..8fd4689 100644
--- a/secrets/env.yaml
+++ b/secrets/env.yaml
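Review bot: The wrapper built by the outer `pkgs.writeScriptBin` in the new `package` has no `#!` line, and `writeScriptBin` does not add one, so it only runs when the caller falls back to a shell; a systemd unit that executes the file directly would likely fail with an exec format error (how base.nix starts the service is not visible in this hunk). Using `in pkgs.writeShellScriptBin "update-dns" ''` gives it a bash shebang, which the `source` builtin also needs. The second `set -a` looks like a typo for `set +a`: as written allexport is never switched off, which is harmless only because the wrapper ends right after the call. Because the decrypted file is sourced, its contents are parsed as shell, so a comment such as `# secrets.dns must hold only KEY=value lines; it is sourced as shell` above the `source` line would help, or the unit could load the file with `EnvironmentFile=` if base.nix allows it.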
@@ -5,6 +5,7 @@ mealie: ENC[AES256_GCM,data:RjKqDs70lWhGN0LXPp3feQfW/WtfJlR6vX++0hwGtqcA3iepEh2A maloja: ENC[AES256_GCM,data:yCwokfD4I1Boy2NOhOTLA3dWgUVOdSzWKIEdYC0klvYu41IGcM8bM65uYFmiOtk+jHgt6j3kO/pBBlC4w/iTElphTqFyFRGdBN4fNRntAhMzqOszBZII,iv:Vf9hfNwSTBkh2cXV7Y2fv4NA8kng2M1i7BtTXJvy4u4=,tag:KLc8sP6N2/Pp/9069E3aPQ==,type:str] multi-scrobbler: ENC[AES256_GCM,data:4KENPA2BoCgBmlBkGrOzI7AOxwtpPjuBHi92XqbQzc3O7Wi6XHjcsAoeY3qWmH8MEB/QhZOh0jLWxJHwSFmHo8T3yG+KYCYzwjSD9c8CySrbwZZZ5S6G/qiQx4p1DDJv5KXk2SW/1gruKGEFgizk7qWpN0dUYgwnrBMjyeWu4UjuVZtrlWQoKRbsMA/8dbIzFuNTTu94E+IPZ8KFKkir13Odc3zROHdxfFZibVXndr40KVZBC4URruZLCT4pLPSHP0GqF69Z+cdI3VaMD5r/Ig==,iv:09d58aMTuFvtr7TMzGHoU8cu2IWHK++pYgLBkQDU0+U=,tag:TkF/a+jbptIr3ddBRN8PBQ==,type:str] vaultwarden: ENC[AES256_GCM,data:BH+G8FmYylTbOhzZy6T+sW0q2myJC2zpd/SrtG5WC7N5fmV++X4h+6/tU5dFv4owIOLm/13oGrkT/KOWkF2wwQ7qeQQ8bsyloEigNBMW6d7/ihXZtdtYid1HQrvc6U+Sjl8CPjInHz5j9fy5ouMrmDCGVIYdNrDzFW8AYn7KFLIa3c7oCWMTBCOeGS5rD55GSwy5y4AvBx7Hj9xnZmGG2cnzt5CR9hr/fnZhBTcPxquUZw==,iv:CxDdtWC7zKJZ/Ikq5fV33AT6MYx+pbAGI0Cy6I1fcyo=,tag:q8w4maD3vXTdxCLZ7qbCjg==,type:str] +dns: ENC[AES256_GCM,data:eQACe2GRS0ZHyszFkZDG1CeJJZDe/0eXNnurujdv5VR5QQJjYRAQuJVzC3XgelXoWeIQdtW4IfpXTv7xaGuhEzPgsPm4hAdEKosNs6h0ZGg8FG73NSdMWw==,iv:n3i4Ll24+a82aKiRIJgMWLko1B2Lk7bLnpmUevBoHGA=,tag:bnZzVfRUSpZFvF2T6pMtsQ==,type:str] sops: kms: [] gcp_kms: [] 
@@ -47,8 +48,8 @@ sops: QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-06-29T21:28:08Z" - mac: ENC[AES256_GCM,data:uVxwOOVOSeBsiVLXbOGo4cudGoJjn7yVYvWW7WZqPRu5FO32LA1rbZObN0RT4Y8OWFdv297rewTiC3KiGIPAZav91yiwlrXX/koEa4OhwQfkKiPNyPvmJ6e2h+M3gck75wbt1sbT8qnMtsHUjkfNZQiInC5hJyikalTusILke8w=,iv:IhOvHRYgkYP0BEZ60f66/nLU1x8Qk/YwZiNbcXDFOeQ=,tag:gcqBy9HxaX1W7osQHyNzOA==,type:str] + lastmodified: "2024-06-30T03:07:22Z" + mac: ENC[AES256_GCM,data:4JoKuuiLZMk0zRTBPEwTWJnKJ2Vc1u4VVMUULnvAXx3WKt01OIBJE+Ivoy9d41WGCv+eLweLLkWScMOeBkkB8Yq64nrCWzQqrgkpLXaFH6Unn91Flb+zZt8kGxe8uMn+3LhpVR4b6VF2w7cW3NDvmcmqYpEmkAxlJKLDuiX33VE=,iv:ZmY2uXHR1N+zwdKTE8DjNQMzOx+hpJpXQVTK2je8QCg=,tag:smURl3iNFDvf0RB7X809/A==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1