Add dyndns for iron

2023-05-02 20:39:59 +00:00 · 2023-05-02 20:39:59 +00:00 · 6e55df595e
commit 6e55df595e
parent 5e5e05d90e
4 changed files with 64 additions and 7 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -1,22 +1,29 @@
 keys:
  - &admin_jalr 66FB54F6081375106EEBF651A222365EB448F934
  - &admin_jalr_tb FE170812543DF81393EA56BA5042B8317A10617E
-  - &host_hafnium age1ahnfjspcpwxxk7getcxkj3fypwt37rr6p3xsmp8n2tqqqz8jtg7q2am0et
  - &host_aluminium age1ne08hny30vrkejqhh7dcx4ql6dmkx6jw9dqkf3cz7mzvt53njy0qh59w44
+  - &host_hafnium age1ahnfjspcpwxxk7getcxkj3fypwt37rr6p3xsmp8n2tqqqz8jtg7q2am0et
+  - &host_iron age1hx7fdu4mcha7kkxe7yevtvs6xgzgaafgenm3drhvr609wlj94sgqm497je
  - &host_weinturm_pretix_prod age1w42q9qg7l6gea36erhw0u7jvlpenvtrjm38q4ux0aasa929hes6s2ecj6m
 creation_rules:
-  - path_regex: hosts/hafnium/secrets\.yaml$
-    key_groups:
-    - pgp:
-      - *admin_jalr_tb
-      age:
-      - *host_hafnium
  - path_regex: hosts/aluminium/secrets\.yaml$
    key_groups:
    - pgp:
      - *admin_jalr
      age:
      - *host_aluminium
+  - path_regex: hosts/hafnium/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *admin_jalr_tb
+      age:
+      - *host_hafnium
+  - path_regex: hosts/iron/secrets\.yaml$
+    key_groups:
+    - pgp:
+      - *admin_jalr
+      age:
+      - *host_iron
  - path_regex: hosts/weinturm-pretix-prod/secrets\.yaml$
    key_groups:
    - pgp:
--- a/hosts/iron/secrets.yaml
+++ b/hosts/iron/secrets.yaml
@ -0,0 +1,32 @@
+duckdns-secret: ENC[AES256_GCM,data:SAf/xZ28tgmvqcVKC2tMNRm838AVMMNCC3fpYLXBEIoTl7E7,iv:+KTEpNMj0+aVCGKB1dRFFslgjpBhSzBZFdee+VIAt4o=,tag:C/eSyoQjAgD7Qv4J4jsp4g==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1hx7fdu4mcha7kkxe7yevtvs6xgzgaafgenm3drhvr609wlj94sgqm497je
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdnRlZktJNHQwSWdlb2l6
+            aFNRS3U0UHM5UFVkTUtqMHU1Y093ZjdNMUhrCmZVMlBNSTlwYjlQaklzZENnR013
+            UXFNaWp3WXhQOC81dGFFQXNwVHVYajAKLS0tIGh5ek95NnNRbWFsVkRncFJ3VUdE
+            TjdZRldhSzVtMkVoTzY1NjdGbCswRVUK0pi+8UuLqRmytcR2ikxOAM02iccl8P1y
+            ixv0PKPLd+vQ23QeeQy/TfoGx16XttaDUnUrPLZR3TUKtAcld8+m6w==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2023-05-02T19:30:49Z"
+    mac: ENC[AES256_GCM,data:At3/ci8Dsq1ljzL1ZkbS+NsZmU008G3r/QRyPv4abK3SY7Zf6kfTeL0YomfSixkEZxGTBSJY1hK+jHSsV1KAojG/f1xNkTIszJBjjFb/BWYpDD31CWft5I1Loz66IIf0EU8qIJv2QrDP7TrBlU6UeXNnmlCNt4OStU8n5559TA4=,iv:DawliBKBJCWUcv86CLErKo1xGdYNfTYqyrFyGNY+8z4=,tag:1FcLKAKk1v7JsFMybL5GEA==,type:str]
+    pgp:
+        - created_at: "2023-05-02T19:30:42Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+
+            hF4D3ylLYNOsO+0SAQdA16evFPF5J4wB4iw3y6rQbjpyVKiU/M7qZmdsKOBpLQgw
+            CccmnhDpRDvQ2pTlHh674o0flfXTvFQ2H2a7KuVDLerdUuw+aBGD1RB+Ob0Vvfoi
+            0l4BKpYchtdJQpQuL2Gy5LToty9EZUVVRvhyIfSasWCdDH9ajNWHFcKn6MX9wj46
+            ly6CeFgZKAyyeQ6qWQnft7inEQk7krl53NBrbzDN3Rfz71zmpO97h/av7y7ilffa
+            =DpnU
+            -----END PGP MESSAGE-----
+          fp: 66FB54F6081375106EEBF651A222365EB448F934
+    unencrypted_suffix: _unencrypted
+    version: 3.7.3
--- a/hosts/iron/services/default.nix
+++ b/hosts/iron/services/default.nix
@ -1,6 +1,7 @@
 {
  imports = [
    ./dnsmasq.nix
+    ./dyndns.nix
    ./nginx.nix
    ./torrent.nix
    ./unifi-controller.nix
--- a/hosts/iron/services/dyndns.nix
+++ b/hosts/iron/services/dyndns.nix
@ -0,0 +1,17 @@
+{ config, ... }:
+{
+  sops.secrets.duckdns-secret = {
+    sopsFile = ../secrets.yaml;
+  };
+  services.ddclient = {
+    enable = true;
+    interval = "1min";
+    protocol = "duckdns";
+    server = "www.duckdns.org";
+    username = "nouser";
+    passwordFile = config.sops.secrets.duckdns-secret.path;
+    domains = [ "jalr-bw" ];
+    use = "if, if=enp4s5";
+    #usev6=ifv6, ifv6=enp3s4
+  };
+}