fix(grfn/mugwump): Update for new ddclient config format

There's a passwordFile option now! Change-Id: I7aa21891c3502ceddcb0bb08a83a5a3a8a6bcdc9 Reviewed-on: https://cl.tvl.fyi/c/depot/+/5025 Reviewed-by: grfn <grfn@gws.fyi> Autosubmit: grfn <grfn@gws.fyi> Tested-by: BuildkiteCI
2022-01-17 18:05:16 -05:00 · 2022-01-17 18:05:16 -05:00 · d92ffcc751
commit d92ffcc751
parent a366008053
3 changed files with 12 additions and 16 deletions
--- a/users/grfn/secrets/ddclient-password.age
+++ b/users/grfn/secrets/ddclient-password.age
@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 CpJBgQ 1Yw1EllkiG38qEQ03eN1p8WzC74zKb6YIuZMb3RD0ik
+P7iAo2rCex8XkCyWKjTSecAZDg5wokrfBLRk/Nl479w
+-> ssh-ed25519 LfBFbQ /cMWDtN+SlCs7WsomkngPpPK/4RHpCDZr2bg+jyqHEs
+bgnNTXhxYtW84twA7ty9RWgycABW0MI9OEk69TRT2ro
+-> Ujl-grease l_8cO.F
+pw/kCMvXCg4my4M
+--- m3jMrTCJFA1bGgKERiAhAYvXt/++wWzva0CVdtz3cgQ
+]>'C[›*€*új¥!³¶`™7»<üŸQäƒø míIÑ7tGW ŒÏ³;ç{Ja‘Õnˆpúòð–×©`b‡tÓÖ
--- a/users/grfn/secrets/secrets.nix
+++ b/users/grfn/secrets/secrets.nix
@ -7,4 +7,5 @@ in
 {
  "bbbg.age".publicKeys = [ grfn mugwump bbbg ];
  "cloudflare.age".publicKeys = [ grfn mugwump ];
+  "ddclient-password.age".publicKeys = [ grfn mugwump ];
 }
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@ -71,6 +71,7 @@ with lib;
  in {
    bbbg.file = secret "bbbg";
    cloudflare.file = secret "cloudflare";
+    ddclient-password.file = secret "ddclient-password";
  };

  services.depot.auto-deploy = {
@ -137,25 +138,10 @@ with lib;
    zone = "gws.fyi";
    protocol = "cloudflare";
    username = "root@gws.fyi";
+    passwordFile = "/run/agenix/ddclient-password";
    quiet = true;
  };

-  systemd.services.ddclient.serviceConfig = {
-    EnvironmentFile = "/run/agenix/cloudflare";
-    DynamicUser = lib.mkForce false;
-    ExecStart = lib.mkForce (
-      let runtimeDir =
-            config.systemd.services.ddclient.serviceConfig.RuntimeDirectory;
-      in pkgs.writeShellScript "ddclient" ''
-        set -eo pipefail
-
-        ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf
-        exec ${pkgs.ddclient}/bin/ddclient \
-          -file /run/${runtimeDir}/ddclient.conf \
-          -login=$CLOUDFLARE_EMAIL \
-      '');
-  };
-
  security.acme.certs."metrics.gws.fyi" = {
    dnsProvider = "cloudflare";
    credentialsFile = "/run/agenix/cloudflare";