feat(aspen/system): Reinstate ddclient, migrate to ogopogo
ddclient is back in nixpkgs and nixos[0], so let's just use that, and
remove the backported package from third_party.
[0] 8a8ec36615
Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>
This commit is contained in:
parent
0320d778d9
commit
bf4f1a43e5
12 changed files with 33 additions and 312 deletions
12
third_party/ddclient/default.nix
vendored
12
third_party/ddclient/default.nix
vendored
|
@ -1,12 +0,0 @@
|
|||
# Users of this package & module should replace it with something like
|
||||
# inadyn, after https://github.com/NixOS/nixpkgs/issues/242330 is
|
||||
# landed.
|
||||
#
|
||||
# TODO(aspen): replace ddclient with inadyn or something else.
|
||||
{ pkgs, ... }:
|
||||
|
||||
(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: {
|
||||
passthru = old.passthru // {
|
||||
module = ./module.nix;
|
||||
};
|
||||
})
|
230
third_party/ddclient/module.nix
vendored
230
third_party/ddclient/module.nix
vendored
|
@ -1,230 +0,0 @@
|
|||
# SPDX-License-Identifier: MIT
|
||||
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
cfg = config.services.deprecated-ddclient;
|
||||
boolToStr = bool: if bool then "yes" else "no";
|
||||
dataDir = "/var/lib/ddclient";
|
||||
StateDirectory = builtins.baseNameOf dataDir;
|
||||
RuntimeDirectory = StateDirectory;
|
||||
|
||||
configFile' = pkgs.writeText "ddclient.conf" ''
|
||||
# This file can be used as a template for configFile or is automatically generated by Nix options.
|
||||
cache=${dataDir}/ddclient.cache
|
||||
foreground=YES
|
||||
use=${cfg.use}
|
||||
login=${cfg.username}
|
||||
password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"}
|
||||
protocol=${cfg.protocol}
|
||||
${lib.optionalString (cfg.script != "") "script=${cfg.script}"}
|
||||
${lib.optionalString (cfg.server != "") "server=${cfg.server}"}
|
||||
${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"}
|
||||
ssl=${boolToStr cfg.ssl}
|
||||
wildcard=YES
|
||||
quiet=${boolToStr cfg.quiet}
|
||||
verbose=${boolToStr cfg.verbose}
|
||||
${cfg.extraConfig}
|
||||
${lib.concatStringsSep "," cfg.domains}
|
||||
'';
|
||||
configFile = if (cfg.configFile != null) then cfg.configFile else configFile';
|
||||
|
||||
preStart = ''
|
||||
install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf
|
||||
${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then ''
|
||||
install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key
|
||||
'' else if (cfg.passwordFile != null) then ''
|
||||
"${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf"
|
||||
'' else ''
|
||||
sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf
|
||||
'')}
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
with lib;
|
||||
|
||||
{
|
||||
###### interface
|
||||
|
||||
options = {
|
||||
|
||||
services.deprecated-ddclient = with lib.types; {
|
||||
|
||||
enable = mkOption {
|
||||
default = false;
|
||||
type = bool;
|
||||
description = lib.mdDoc ''
|
||||
Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org).
|
||||
'';
|
||||
};
|
||||
|
||||
package = mkOption {
|
||||
type = package;
|
||||
default = pkgs.ddclient;
|
||||
defaultText = lib.literalExpression "pkgs.ddclient";
|
||||
description = lib.mdDoc ''
|
||||
The ddclient executable package run by the service.
|
||||
'';
|
||||
};
|
||||
|
||||
domains = mkOption {
|
||||
default = [ "" ];
|
||||
type = listOf str;
|
||||
description = lib.mdDoc ''
|
||||
Domain name(s) to synchronize.
|
||||
'';
|
||||
};
|
||||
|
||||
username = mkOption {
|
||||
# For `nsupdate` username contains the path to the nsupdate executable
|
||||
default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate";
|
||||
defaultText = "";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
User name.
|
||||
'';
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
default = null;
|
||||
type = nullOr str;
|
||||
description = lib.mdDoc ''
|
||||
A file containing the password or a TSIG key in named format when using the nsupdate protocol.
|
||||
'';
|
||||
};
|
||||
|
||||
interval = mkOption {
|
||||
default = "10min";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
The interval at which to run the check and update.
|
||||
See {command}`man 7 systemd.time` for the format.
|
||||
'';
|
||||
};
|
||||
|
||||
configFile = mkOption {
|
||||
default = null;
|
||||
type = nullOr path;
|
||||
description = lib.mdDoc ''
|
||||
Path to configuration file.
|
||||
When set this overrides the generated configuration from module options.
|
||||
'';
|
||||
example = "/root/nixos/secrets/ddclient.conf";
|
||||
};
|
||||
|
||||
protocol = mkOption {
|
||||
default = "dyndns2";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols).
|
||||
'';
|
||||
};
|
||||
|
||||
server = mkOption {
|
||||
default = "";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
Server address.
|
||||
'';
|
||||
};
|
||||
|
||||
ssl = mkOption {
|
||||
default = true;
|
||||
type = bool;
|
||||
description = lib.mdDoc ''
|
||||
Whether to use SSL/TLS to connect to dynamic DNS provider.
|
||||
'';
|
||||
};
|
||||
|
||||
quiet = mkOption {
|
||||
default = false;
|
||||
type = bool;
|
||||
description = lib.mdDoc ''
|
||||
Print no messages for unnecessary updates.
|
||||
'';
|
||||
};
|
||||
|
||||
script = mkOption {
|
||||
default = "";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
script as required by some providers.
|
||||
'';
|
||||
};
|
||||
|
||||
use = mkOption {
|
||||
default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
Method to determine the IP address to send to the dynamic DNS provider.
|
||||
'';
|
||||
};
|
||||
|
||||
verbose = mkOption {
|
||||
default = false;
|
||||
type = bool;
|
||||
description = lib.mdDoc ''
|
||||
Print verbose information.
|
||||
'';
|
||||
};
|
||||
|
||||
zone = mkOption {
|
||||
default = "";
|
||||
type = str;
|
||||
description = lib.mdDoc ''
|
||||
zone as required by some providers.
|
||||
'';
|
||||
};
|
||||
|
||||
extraConfig = mkOption {
|
||||
default = "";
|
||||
type = lines;
|
||||
description = lib.mdDoc ''
|
||||
Extra configuration. Contents will be added verbatim to the configuration file.
|
||||
::: {.note}
|
||||
`daemon` should not be added here because it does not work great with the systemd-timer approach the service uses.
|
||||
:::
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
###### implementation
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
systemd.services.ddclient = {
|
||||
description = "Dynamic DNS Client";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
restartTriggers = optional (cfg.configFile != null) cfg.configFile;
|
||||
path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2;
|
||||
|
||||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
RuntimeDirectoryMode = "0700";
|
||||
inherit RuntimeDirectory;
|
||||
inherit StateDirectory;
|
||||
Type = "oneshot";
|
||||
ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}";
|
||||
ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.timers.ddclient = {
|
||||
description = "Run ddclient";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnBootSec = cfg.interval;
|
||||
OnUnitInactiveSec = cfg.interval;
|
||||
};
|
||||
};
|
||||
})
|
||||
{
|
||||
ids.uids.ddclient = 30;
|
||||
ids.gids.ddclient = 30;
|
||||
}
|
||||
];
|
||||
}
|
45
third_party/ddclient/pkg.nix
vendored
45
third_party/ddclient/pkg.nix
vendored
|
@ -1,45 +0,0 @@
|
|||
# SPDX-License-Identifier: MIT
|
||||
# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors
|
||||
{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }:
|
||||
|
||||
perlPackages.buildPerlPackage rec {
|
||||
pname = "ddclient";
|
||||
version = "3.10.0";
|
||||
|
||||
outputs = [ "out" ];
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "ddclient";
|
||||
repo = "ddclient";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E=";
|
||||
};
|
||||
|
||||
postPatch = ''
|
||||
touch Makefile.PL
|
||||
'';
|
||||
|
||||
nativeBuildInputs = [ autoreconfHook ];
|
||||
|
||||
buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ];
|
||||
|
||||
installPhase = ''
|
||||
runHook preInstall
|
||||
# patch sheebang ddclient script which only exists after buildPhase
|
||||
preConfigure
|
||||
install -Dm755 ddclient $out/bin/ddclient
|
||||
install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
# TODO: run upstream tests
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Client for updating dynamic DNS service entries";
|
||||
homepage = "https://ddclient.net/";
|
||||
license = licenses.gpl2Plus;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ SuperSandro2000 ];
|
||||
};
|
||||
}
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -8,7 +8,7 @@ in
|
|||
{
|
||||
"bbbg.age".publicKeys = [ grfn mugwump bbbg ];
|
||||
"cloudflare.age".publicKeys = [ grfn mugwump ];
|
||||
"ddclient-password.age".publicKeys = [ grfn mugwump ];
|
||||
"ddclient-password.age".publicKeys = [ grfn ogopogo ];
|
||||
"buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
|
||||
"buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
|
||||
"windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA
|
||||
VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8
|
||||
-> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg
|
||||
mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs
|
||||
-> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0
|
||||
d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ
|
||||
-> "0?-grease k}d?h6 |v
|
||||
7mV6AFUdCMCrkmLVQaWJPQ
|
||||
--- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8
|
||||
~‚v‰8‚&‚ü£¹3\²Òý.»%$¼›Éº°³tòóˆØQ©ˆÀ¨á”Åé¼Íœ}ˆ—ó,BEÇh
w96”çö?ÓU
|
||||
-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4
|
||||
mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA
|
||||
-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs
|
||||
u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo
|
||||
-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4
|
||||
X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0
|
||||
--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s
|
||||
ÒüI¼Êʵu*1ðÄt©(úùºîƒ/œXÀÜË•3È’<C388>ï<12>†VGúÁT|Î@<40>·ÌKó¾<}§)se¹9`í¶*z
|
|
@ -9,7 +9,6 @@ with lib;
|
|||
(depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
|
||||
(depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
|
||||
(depot.third_party.agenix.src + "/modules/age.nix")
|
||||
depot.third_party.ddclient.module
|
||||
];
|
||||
|
||||
networking.hostName = "mugwump";
|
||||
|
@ -83,7 +82,6 @@ with lib;
|
|||
in
|
||||
{
|
||||
cloudflare.file = secret "cloudflare";
|
||||
ddclient-password.file = secret "ddclient-password";
|
||||
|
||||
buildkite-ssh-key = {
|
||||
file = secret "buildkite-ssh-key";
|
||||
|
@ -164,18 +162,6 @@ with lib;
|
|||
};
|
||||
};
|
||||
|
||||
services.deprecated-ddclient = {
|
||||
package = depot.third_party.ddclient;
|
||||
enable = true;
|
||||
domains = [ "home.gws.fyi" ];
|
||||
interval = "1d";
|
||||
zone = "gws.fyi";
|
||||
protocol = "cloudflare";
|
||||
username = "root@gws.fyi";
|
||||
passwordFile = config.age.secretsDir + "/ddclient-password";
|
||||
quiet = true;
|
||||
};
|
||||
|
||||
security.acme.certs."metrics.gws.fyi" = {
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secretsDir + "/cloudflare";
|
||||
|
|
|
@ -96,4 +96,28 @@
|
|||
wal_level = "logical";
|
||||
};
|
||||
};
|
||||
|
||||
# ddclient
|
||||
age.secrets =
|
||||
let
|
||||
secret = name: depot.users.aspen.secrets."${name}.age";
|
||||
in
|
||||
{
|
||||
ddclient-password.file = secret "ddclient-password";
|
||||
};
|
||||
|
||||
services.ddclient = {
|
||||
enable = true;
|
||||
domains = [ "home.gws.fyi" ];
|
||||
interval = "1d";
|
||||
zone = "gws.fyi";
|
||||
protocol = "cloudflare";
|
||||
username = "root@gws.fyi";
|
||||
passwordFile = config.age.secretsDir + "/ddclient-password";
|
||||
quiet = true;
|
||||
}
|
||||
# TODO(aspen): Remove when upgrading past 4.0.0
|
||||
// lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
|
||||
ssl = false;
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue