feat(aspen/system): Reinstate ddclient, migrate to ogopogo
ddclient is back in nixpkgs and nixos[0], so let's just use that, and
remove the backported package from third_party.
[0] 8a8ec36615
Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
This commit is contained in:
parent
0320d778d9
commit
bf4f1a43e5
12 changed files with 33 additions and 312 deletions
12
third_party/ddclient/default.nix
vendored
12
third_party/ddclient/default.nix
vendored
|
@ -1,12 +0,0 @@
|
||||||
# Users of this package & module should replace it with something like
|
|
||||||
# inadyn, after https://github.com/NixOS/nixpkgs/issues/242330 is
|
|
||||||
# landed.
|
|
||||||
#
|
|
||||||
# TODO(aspen): replace ddclient with inadyn or something else.
|
|
||||||
{ pkgs, ... }:
|
|
||||||
|
|
||||||
(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: {
|
|
||||||
passthru = old.passthru // {
|
|
||||||
module = ./module.nix;
|
|
||||||
};
|
|
||||||
})
|
|
230
third_party/ddclient/module.nix
vendored
230
third_party/ddclient/module.nix
vendored
|
@ -1,230 +0,0 @@
|
||||||
# SPDX-License-Identifier: MIT
|
|
||||||
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
|
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
|
|
||||||
let
|
|
||||||
cfg = config.services.deprecated-ddclient;
|
|
||||||
boolToStr = bool: if bool then "yes" else "no";
|
|
||||||
dataDir = "/var/lib/ddclient";
|
|
||||||
StateDirectory = builtins.baseNameOf dataDir;
|
|
||||||
RuntimeDirectory = StateDirectory;
|
|
||||||
|
|
||||||
configFile' = pkgs.writeText "ddclient.conf" ''
|
|
||||||
# This file can be used as a template for configFile or is automatically generated by Nix options.
|
|
||||||
cache=${dataDir}/ddclient.cache
|
|
||||||
foreground=YES
|
|
||||||
use=${cfg.use}
|
|
||||||
login=${cfg.username}
|
|
||||||
password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
|
|
||||||
protocol=${cfg.protocol}
|
|
||||||
${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
|
|
||||||
${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
|
|
||||||
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
|
|
||||||
ssl=${boolToStr cfg.ssl}
|
|
||||||
wildcard=YES
|
|
||||||
quiet=${boolToStr cfg.quiet}
|
|
||||||
verbose=${boolToStr cfg.verbose}
|
|
||||||
${cfg.extraConfig}
|
|
||||||
${lib.concatStringsSep "," cfg.domains}
|
|
||||||
'';
|
|
||||||
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
|
|
||||||
|
|
||||||
preStart = ''
|
|
||||||
install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
|
|
||||||
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
|
|
||||||
install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
|
|
||||||
'' else if (cfg.passwordFile != null) then ''
|
|
||||||
"${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
|
|
||||||
'' else ''
|
|
||||||
sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
|
|
||||||
'')}
|
|
||||||
'';
|
|
||||||
|
|
||||||
in
|
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
{
|
|
||||||
###### interface
|
|
||||||
|
|
||||||
options = {
|
|
||||||
|
|
||||||
services.deprecated-ddclient = with lib.types; {
|
|
||||||
|
|
||||||
enable = mkOption {
|
|
||||||
default = false;
|
|
||||||
type = bool;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
package = mkOption {
|
|
||||||
type = package;
|
|
||||||
default = pkgs.ddclient;
|
|
||||||
defaultText = lib.literalExpression "pkgs.ddclient";
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
The ddclient executable package run by the service.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
domains = mkOption {
|
|
||||||
default = [ "" ];
|
|
||||||
type = listOf str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Domain name(s) to synchronize.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
username = mkOption {
|
|
||||||
# For `nsupdate` username contains the path to the nsupdate executable
|
|
||||||
default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
|
|
||||||
defaultText = "";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
User name.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
passwordFile = mkOption {
|
|
||||||
default = null;
|
|
||||||
type = nullOr str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
A file containing the password or a TSIG key in named format when using the nsupdate protocol.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
interval = mkOption {
|
|
||||||
default = "10min";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
The interval at which to run the check and update.
|
|
||||||
See {command}`man 7 systemd.time` for the format.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
configFile = mkOption {
|
|
||||||
default = null;
|
|
||||||
type = nullOr path;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Path to configuration file.
|
|
||||||
When set this overrides the generated configuration from module options.
|
|
||||||
'';
|
|
||||||
example = "/root/nixos/secrets/ddclient.conf";
|
|
||||||
};
|
|
||||||
|
|
||||||
protocol = mkOption {
|
|
||||||
default = "dyndns2";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
server = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Server address.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
ssl = mkOption {
|
|
||||||
default = true;
|
|
||||||
type = bool;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Whether to use SSL/TLS to connect to dynamic DNS provider.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
quiet = mkOption {
|
|
||||||
default = false;
|
|
||||||
type = bool;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Print no messages for unnecessary updates.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
script = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
script as required by some providers.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
use = mkOption {
|
|
||||||
default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Method to determine the IP address to send to the dynamic DNS provider.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
verbose = mkOption {
|
|
||||||
default = false;
|
|
||||||
type = bool;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Print verbose information.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
zone = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = str;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
zone as required by some providers.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
extraConfig = mkOption {
|
|
||||||
default = "";
|
|
||||||
type = lines;
|
|
||||||
description = lib.mdDoc ''
|
|
||||||
Extra configuration. Contents will be added verbatim to the configuration file.
|
|
||||||
::: {.note}
|
|
||||||
`daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
|
|
||||||
:::
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
###### implementation
|
|
||||||
|
|
||||||
config = mkMerge [
|
|
||||||
(mkIf cfg.enable {
|
|
||||||
systemd.services.ddclient = {
|
|
||||||
description = "Dynamic DNS Client";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
after = [ "network.target" ];
|
|
||||||
restartTriggers = optional (cfg.configFile != null) cfg.configFile;
|
|
||||||
path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;
|
|
||||||
|
|
||||||
serviceConfig = {
|
|
||||||
DynamicUser = true;
|
|
||||||
RuntimeDirectoryMode = "0700";
|
|
||||||
inherit RuntimeDirectory;
|
|
||||||
inherit StateDirectory;
|
|
||||||
Type = "oneshot";
|
|
||||||
ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
|
|
||||||
ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.timers.ddclient = {
|
|
||||||
description = "Run ddclient";
|
|
||||||
wantedBy = [ "timers.target" ];
|
|
||||||
timerConfig = {
|
|
||||||
OnBootSec = cfg.interval;
|
|
||||||
OnUnitInactiveSec = cfg.interval;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
})
|
|
||||||
{
|
|
||||||
ids.uids.ddclient = 30;
|
|
||||||
ids.gids.ddclient = 30;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
45
third_party/ddclient/pkg.nix
vendored
45
third_party/ddclient/pkg.nix
vendored
|
@ -1,45 +0,0 @@
|
||||||
# SPDX-License-Identifier: MIT
|
|
||||||
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
|
|
||||||
{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }:
|
|
||||||
|
|
||||||
perlPackages.buildPerlPackage rec {
|
|
||||||
pname = "ddclient";
|
|
||||||
version = "3.10.0";
|
|
||||||
|
|
||||||
outputs = [ "out" ];
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
owner = "ddclient";
|
|
||||||
repo = "ddclient";
|
|
||||||
rev = "v${version}";
|
|
||||||
sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E=";
|
|
||||||
};
|
|
||||||
|
|
||||||
postPatch = ''
|
|
||||||
touch Makefile.PL
|
|
||||||
'';
|
|
||||||
|
|
||||||
nativeBuildInputs = [ autoreconfHook ];
|
|
||||||
|
|
||||||
buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
runHook preInstall
|
|
||||||
# patch sheebang ddclient script which only exists after buildPhase
|
|
||||||
preConfigure
|
|
||||||
install -Dm755 ddclient $out/bin/ddclient
|
|
||||||
install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md
|
|
||||||
runHook postInstall
|
|
||||||
'';
|
|
||||||
|
|
||||||
# TODO: run upstream tests
|
|
||||||
doCheck = false;
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "Client for updating dynamic DNS service entries";
|
|
||||||
homepage = "https://ddclient.net/";
|
|
||||||
license = licenses.gpl2Plus;
|
|
||||||
platforms = platforms.linux;
|
|
||||||
maintainers = with maintainers; [ SuperSandro2000 ];
|
|
||||||
};
|
|
||||||
}
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -8,7 +8,7 @@ in
|
||||||
{
|
{
|
||||||
"bbbg.age".publicKeys = [ grfn mugwump bbbg ];
|
"bbbg.age".publicKeys = [ grfn mugwump bbbg ];
|
||||||
"cloudflare.age".publicKeys = [ grfn mugwump ];
|
"cloudflare.age".publicKeys = [ grfn mugwump ];
|
||||||
"ddclient-password.age".publicKeys = [ grfn mugwump ];
|
"ddclient-password.age".publicKeys = [ grfn ogopogo ];
|
||||||
"buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
|
"buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
|
||||||
"buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
|
"buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
|
||||||
"windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];
|
"windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA
|
-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4
|
||||||
VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8
|
mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA
|
||||||
-> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg
|
-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs
|
||||||
mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs
|
u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo
|
||||||
-> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0
|
-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4
|
||||||
d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ
|
X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0
|
||||||
-> "0?-grease k}d?h6 |v
|
--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s
|
||||||
7mV6AFUdCMCrkmLVQaWJPQ
|
ÒüI¼Êʵu*1ðÄt©(úùºîƒ/œXÀÜË•3È’<C388>ï<12>†VGúÁT|Î@<40>·ÌKó¾<}§)se¹9`í¶*z
|
||||||
--- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8
|
|
||||||
~‚v‰8‚&‚ü£¹3\²Òý.»%$¼›Éº°³tòóˆØQ©ˆÀ¨á”Åé¼Íœ}ˆ—ó,BEÇh
w96”çö?ÓU
|
|
|
@ -9,7 +9,6 @@ with lib;
|
||||||
(depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
|
(depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
|
||||||
(depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
|
(depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
|
||||||
(depot.third_party.agenix.src + "/modules/age.nix")
|
(depot.third_party.agenix.src + "/modules/age.nix")
|
||||||
depot.third_party.ddclient.module
|
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "mugwump";
|
networking.hostName = "mugwump";
|
||||||
|
@ -83,7 +82,6 @@ with lib;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
cloudflare.file = secret "cloudflare";
|
cloudflare.file = secret "cloudflare";
|
||||||
ddclient-password.file = secret "ddclient-password";
|
|
||||||
|
|
||||||
buildkite-ssh-key = {
|
buildkite-ssh-key = {
|
||||||
file = secret "buildkite-ssh-key";
|
file = secret "buildkite-ssh-key";
|
||||||
|
@ -164,18 +162,6 @@ with lib;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.deprecated-ddclient = {
|
|
||||||
package = depot.third_party.ddclient;
|
|
||||||
enable = true;
|
|
||||||
domains = [ "home.gws.fyi" ];
|
|
||||||
interval = "1d";
|
|
||||||
zone = "gws.fyi";
|
|
||||||
protocol = "cloudflare";
|
|
||||||
username = "root@gws.fyi";
|
|
||||||
passwordFile = config.age.secretsDir + "/ddclient-password";
|
|
||||||
quiet = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme.certs."metrics.gws.fyi" = {
|
security.acme.certs."metrics.gws.fyi" = {
|
||||||
dnsProvider = "cloudflare";
|
dnsProvider = "cloudflare";
|
||||||
credentialsFile = config.age.secretsDir + "/cloudflare";
|
credentialsFile = config.age.secretsDir + "/cloudflare";
|
||||||
|
|
|
@ -96,4 +96,28 @@
|
||||||
wal_level = "logical";
|
wal_level = "logical";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# ddclient
|
||||||
|
age.secrets =
|
||||||
|
let
|
||||||
|
secret = name: depot.users.aspen.secrets."${name}.age";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
ddclient-password.file = secret "ddclient-password";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.ddclient = {
|
||||||
|
enable = true;
|
||||||
|
domains = [ "home.gws.fyi" ];
|
||||||
|
interval = "1d";
|
||||||
|
zone = "gws.fyi";
|
||||||
|
protocol = "cloudflare";
|
||||||
|
username = "root@gws.fyi";
|
||||||
|
passwordFile = config.age.secretsDir + "/ddclient-password";
|
||||||
|
quiet = true;
|
||||||
|
}
|
||||||
|
# TODO(aspen): Remove when upgrading past 4.0.0
|
||||||
|
// lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
|
||||||
|
ssl = false;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue