feat(aspen/system): Reinstate ddclient, migrate to ogopogo

ddclient is back in nixpkgs and nixos[0], so let's just use that, and
remove the backported package from third_party.

[0] 8a8ec36615

Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
This commit is contained in:
Aspen Smith 2024-09-21 11:37:43 -04:00 committed by clbot
parent 0320d778d9
commit bf4f1a43e5
12 changed files with 33 additions and 312 deletions

View file

@ -1,12 +0,0 @@
# Users of this package & module should replace it with something like
# inadyn, after https://github.com/NixOS/nixpkgs/issues/242330 is
# landed.
#
# TODO(aspen): replace ddclient with inadyn or something else.
{ pkgs, ... }:
(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: {
passthru = old.passthru // {
module = ./module.nix;
};
})

View file

@ -1,230 +0,0 @@
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
{ config, pkgs, lib, ... }:
let
cfg = config.services.deprecated-ddclient;
boolToStr = bool: if bool then "yes" else "no";
dataDir = "/var/lib/ddclient";
StateDirectory = builtins.baseNameOf dataDir;
RuntimeDirectory = StateDirectory;
configFile' = pkgs.writeText "ddclient.conf" ''
# This file can be used as a template for configFile or is automatically generated by Nix options.
cache=${dataDir}/ddclient.cache
foreground=YES
use=${cfg.use}
login=${cfg.username}
password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
protocol=${cfg.protocol}
${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
ssl=${boolToStr cfg.ssl}
wildcard=YES
quiet=${boolToStr cfg.quiet}
verbose=${boolToStr cfg.verbose}
${cfg.extraConfig}
${lib.concatStringsSep "," cfg.domains}
'';
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
preStart = ''
install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
'' else if (cfg.passwordFile != null) then ''
"${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
'' else ''
sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
'')}
'';
in
with lib;
{
###### interface
options = {
services.deprecated-ddclient = with lib.types; {
enable = mkOption {
default = false;
type = bool;
description = lib.mdDoc ''
Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
'';
};
package = mkOption {
type = package;
default = pkgs.ddclient;
defaultText = lib.literalExpression "pkgs.ddclient";
description = lib.mdDoc ''
The ddclient executable package run by the service.
'';
};
domains = mkOption {
default = [ "" ];
type = listOf str;
description = lib.mdDoc ''
Domain name(s) to synchronize.
'';
};
username = mkOption {
# For `nsupdate` username contains the path to the nsupdate executable
default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
defaultText = "";
type = str;
description = lib.mdDoc ''
User name.
'';
};
passwordFile = mkOption {
default = null;
type = nullOr str;
description = lib.mdDoc ''
A file containing the password or a TSIG key in named format when using the nsupdate protocol.
'';
};
interval = mkOption {
default = "10min";
type = str;
description = lib.mdDoc ''
The interval at which to run the check and update.
See {command}`man 7 systemd.time` for the format.
'';
};
configFile = mkOption {
default = null;
type = nullOr path;
description = lib.mdDoc ''
Path to configuration file.
When set this overrides the generated configuration from module options.
'';
example = "/root/nixos/secrets/ddclient.conf";
};
protocol = mkOption {
default = "dyndns2";
type = str;
description = lib.mdDoc ''
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
'';
};
server = mkOption {
default = "";
type = str;
description = lib.mdDoc ''
Server address.
'';
};
ssl = mkOption {
default = true;
type = bool;
description = lib.mdDoc ''
Whether to use SSL/TLS to connect to dynamic DNS provider.
'';
};
quiet = mkOption {
default = false;
type = bool;
description = lib.mdDoc ''
Print no messages for unnecessary updates.
'';
};
script = mkOption {
default = "";
type = str;
description = lib.mdDoc ''
script as required by some providers.
'';
};
use = mkOption {
default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
type = str;
description = lib.mdDoc ''
Method to determine the IP address to send to the dynamic DNS provider.
'';
};
verbose = mkOption {
default = false;
type = bool;
description = lib.mdDoc ''
Print verbose information.
'';
};
zone = mkOption {
default = "";
type = str;
description = lib.mdDoc ''
zone as required by some providers.
'';
};
extraConfig = mkOption {
default = "";
type = lines;
description = lib.mdDoc ''
Extra configuration. Contents will be added verbatim to the configuration file.
::: {.note}
`daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
:::
'';
};
};
};
###### implementation
config = mkMerge [
(mkIf cfg.enable {
systemd.services.ddclient = {
description = "Dynamic DNS Client";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartTriggers = optional (cfg.configFile != null) cfg.configFile;
path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;
serviceConfig = {
DynamicUser = true;
RuntimeDirectoryMode = "0700";
inherit RuntimeDirectory;
inherit StateDirectory;
Type = "oneshot";
ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
};
};
systemd.timers.ddclient = {
description = "Run ddclient";
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = cfg.interval;
OnUnitInactiveSec = cfg.interval;
};
};
})
{
ids.uids.ddclient = 30;
ids.gids.ddclient = 30;
}
];
}

View file

@ -1,45 +0,0 @@
# SPDX-License-Identifier: MIT
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }:
perlPackages.buildPerlPackage rec {
pname = "ddclient";
version = "3.10.0";
outputs = [ "out" ];
src = fetchFromGitHub {
owner = "ddclient";
repo = "ddclient";
rev = "v${version}";
sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E=";
};
postPatch = ''
touch Makefile.PL
'';
nativeBuildInputs = [ autoreconfHook ];
buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ];
installPhase = ''
runHook preInstall
# patch sheebang ddclient script which only exists after buildPhase
preConfigure
install -Dm755 ddclient $out/bin/ddclient
install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md
runHook postInstall
'';
# TODO: run upstream tests
doCheck = false;
meta = with lib; {
description = "Client for updating dynamic DNS service entries";
homepage = "https://ddclient.net/";
license = licenses.gpl2Plus;
platforms = platforms.linux;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

Binary file not shown.

Binary file not shown.

View file

@ -8,7 +8,7 @@ in
{
"bbbg.age".publicKeys = [ grfn mugwump bbbg ];
"cloudflare.age".publicKeys = [ grfn mugwump ];
"ddclient-password.age".publicKeys = [ grfn mugwump ];
"ddclient-password.age".publicKeys = [ grfn ogopogo ];
"buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
"buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
"windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];

View file

@ -1,11 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA
VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8
-> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg
mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs
-> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0
d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ
-> "0?-grease k}d?h6 |v
7mV6AFUdCMCrkmLVQaWJPQ
--- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8
~v‰8&ü£¹3\²Òý.»%$¼›Éº°³tòóˆØQ©ˆÀ¨á”Åé¼Íœ}ˆ—ó,BEÇh w96”çö?ÓU
-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4
mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA
-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs
u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo
-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4
X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0
--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s
ÒüI¼Êʵu*1ðÄt©(úùºîƒ/œXÀÜË•3È<C388>ï<12>†VGúÁT|Î@<40>·ÌKó¾<}§)se¹9`í¶*z

View file

@ -9,7 +9,6 @@ with lib;
(depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
(depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
(depot.third_party.agenix.src + "/modules/age.nix")
depot.third_party.ddclient.module
];
networking.hostName = "mugwump";
@ -83,7 +82,6 @@ with lib;
in
{
cloudflare.file = secret "cloudflare";
ddclient-password.file = secret "ddclient-password";
buildkite-ssh-key = {
file = secret "buildkite-ssh-key";
@ -164,18 +162,6 @@ with lib;
};
};
services.deprecated-ddclient = {
package = depot.third_party.ddclient;
enable = true;
domains = [ "home.gws.fyi" ];
interval = "1d";
zone = "gws.fyi";
protocol = "cloudflare";
username = "root@gws.fyi";
passwordFile = config.age.secretsDir + "/ddclient-password";
quiet = true;
};
security.acme.certs."metrics.gws.fyi" = {
dnsProvider = "cloudflare";
credentialsFile = config.age.secretsDir + "/cloudflare";

View file

@ -96,4 +96,28 @@
wal_level = "logical";
};
};
# ddclient
age.secrets =
let
secret = name: depot.users.aspen.secrets."${name}.age";
in
{
ddclient-password.file = secret "ddclient-password";
};
services.ddclient = {
enable = true;
domains = [ "home.gws.fyi" ];
interval = "1d";
zone = "gws.fyi";
protocol = "cloudflare";
username = "root@gws.fyi";
passwordFile = config.age.secretsDir + "/ddclient-password";
quiet = true;
}
# TODO(aspen): Remove when upgrading past 4.0.0
// lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
ssl = false;
};
}