feat(gs/mugwump): Set up ddclient

The way this loads the api key is a hack, but also... I don't care! Change-Id: I4d417b1a824007620661188b60b21a1f73867dca Reviewed-on: https://cl.tvl.fyi/c/depot/+/2747 Reviewed-by: glittershark <grfn@gws.fyi> Tested-by: BuildkiteCI
2021-04-01 10:19:52 -04:00 · 2021-04-01 10:19:52 -04:00 · 892fcdc5ab
commit 892fcdc5ab
parent a5f2b446aa
1 changed files with 26 additions and 0 deletions
--- a/users/glittershark/system/system/machines/mugwump.nix
+++ b/users/glittershark/system/system/machines/mugwump.nix
@ -114,6 +114,32 @@ with lib;
    };
  };

+  services.ddclient = {
+    enable = true;
+    domains = [ "home.gws.fyi" ];
+    interval = "1d";
+    zone = "gws.fyi";
+    protocol = "cloudflare";
+    username = "root@gws.fyi";
+    quiet = true;
+  };
+
+  systemd.services.ddclient.serviceConfig = {
+    EnvironmentFile = "/etc/secrets/cloudflare.env";
+    DynamicUser = lib.mkForce false;
+    ExecStart = lib.mkForce (
+      let runtimeDir =
+            config.systemd.services.ddclient.serviceConfig.RuntimeDirectory;
+      in pkgs.writeShellScript "ddclient" ''
+        set -eo pipefail
+
+        ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf
+        exec ${pkgs.ddclient}/bin/ddclient \
+          -file /run/${runtimeDir}/ddclient.conf \
+          -login=$CLOUDFLARE_EMAIL \
+      '');
+  };
+
  security.acme.certs."metrics.gws.fyi" = {
    dnsProvider = "namecheap";
    credentialsFile = "/etc/secrets/namecheap.env";