diff --git a/.sops.yaml b/.sops.yaml index c0ff79d..3dc2cf6 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,22 +1,29 @@ keys: - &admin_jalr 66FB54F6081375106EEBF651A222365EB448F934 - &admin_jalr_tb FE170812543DF81393EA56BA5042B8317A10617E - - &host_hafnium age1ahnfjspcpwxxk7getcxkj3fypwt37rr6p3xsmp8n2tqqqz8jtg7q2am0et - &host_aluminium age1ne08hny30vrkejqhh7dcx4ql6dmkx6jw9dqkf3cz7mzvt53njy0qh59w44 + - &host_hafnium age1ahnfjspcpwxxk7getcxkj3fypwt37rr6p3xsmp8n2tqqqz8jtg7q2am0et + - &host_iron age1hx7fdu4mcha7kkxe7yevtvs6xgzgaafgenm3drhvr609wlj94sgqm497je - &host_weinturm_pretix_prod age1w42q9qg7l6gea36erhw0u7jvlpenvtrjm38q4ux0aasa929hes6s2ecj6m creation_rules: - - path_regex: hosts/hafnium/secrets\.yaml$ - key_groups: - - pgp: - - *admin_jalr_tb - age: - - *host_hafnium - path_regex: hosts/aluminium/secrets\.yaml$ key_groups: - pgp: - *admin_jalr age: - *host_aluminium + - path_regex: hosts/hafnium/secrets\.yaml$ + key_groups: + - pgp: + - *admin_jalr_tb + age: + - *host_hafnium + - path_regex: hosts/iron/secrets\.yaml$ + key_groups: + - pgp: + - *admin_jalr + age: + - *host_iron - path_regex: hosts/weinturm-pretix-prod/secrets\.yaml$ key_groups: - pgp: diff --git a/hosts/iron/secrets.yaml b/hosts/iron/secrets.yaml new file mode 100644 index 0000000..1db35df --- /dev/null +++ b/hosts/iron/secrets.yaml 
@@ -0,0 +1,32 @@ +duckdns-secret: ENC[AES256_GCM,data:SAf/xZ28tgmvqcVKC2tMNRm838AVMMNCC3fpYLXBEIoTl7E7,iv:+KTEpNMj0+aVCGKB1dRFFslgjpBhSzBZFdee+VIAt4o=,tag:C/eSyoQjAgD7Qv4J4jsp4g==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1hx7fdu4mcha7kkxe7yevtvs6xgzgaafgenm3drhvr609wlj94sgqm497je + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsdnRlZktJNHQwSWdlb2l6 + aFNRS3U0UHM5UFVkTUtqMHU1Y093ZjdNMUhrCmZVMlBNSTlwYjlQaklzZENnR013 + UXFNaWp3WXhQOC81dGFFQXNwVHVYajAKLS0tIGh5ek95NnNRbWFsVkRncFJ3VUdE + TjdZRldhSzVtMkVoTzY1NjdGbCswRVUK0pi+8UuLqRmytcR2ikxOAM02iccl8P1y + ixv0PKPLd+vQ23QeeQy/TfoGx16XttaDUnUrPLZR3TUKtAcld8+m6w== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-05-02T19:30:49Z" + mac: ENC[AES256_GCM,data:At3/ci8Dsq1ljzL1ZkbS+NsZmU008G3r/QRyPv4abK3SY7Zf6kfTeL0YomfSixkEZxGTBSJY1hK+jHSsV1KAojG/f1xNkTIszJBjjFb/BWYpDD31CWft5I1Loz66IIf0EU8qIJv2QrDP7TrBlU6UeXNnmlCNt4OStU8n5559TA4=,iv:DawliBKBJCWUcv86CLErKo1xGdYNfTYqyrFyGNY+8z4=,tag:1FcLKAKk1v7JsFMybL5GEA==,type:str] + pgp: + - created_at: "2023-05-02T19:30:42Z" + enc: | + -----BEGIN PGP MESSAGE----- + + hF4D3ylLYNOsO+0SAQdA16evFPF5J4wB4iw3y6rQbjpyVKiU/M7qZmdsKOBpLQgw + CccmnhDpRDvQ2pTlHh674o0flfXTvFQ2H2a7KuVDLerdUuw+aBGD1RB+Ob0Vvfoi + 0l4BKpYchtdJQpQuL2Gy5LToty9EZUVVRvhyIfSasWCdDH9ajNWHFcKn6MX9wj46 + ly6CeFgZKAyyeQ6qWQnft7inEQk7krl53NBrbzDN3Rfz71zmpO97h/av7y7ilffa + =DpnU + -----END PGP MESSAGE----- + fp: 66FB54F6081375106EEBF651A222365EB448F934 + unencrypted_suffix: _unencrypted + version: 3.7.3 diff --git a/hosts/iron/services/default.nix b/hosts/iron/services/default.nix index 3dd185f..078cd74 100644 --- a/hosts/iron/services/default.nix +++ b/hosts/iron/services/default.nix @@ -1,6 +1,7 @@ { imports = [ ./dnsmasq.nix + ./dyndns.nix ./nginx.nix ./torrent.nix ./unifi-controller.nix diff --git a/hosts/iron/services/dyndns.nix b/hosts/iron/services/dyndns.nix new file mode 100644 index 0000000..2c4b7a1 --- /dev/null 
+++ b/hosts/iron/services/dyndns.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+{
+ sops.secrets.duckdns-secret = {
+ sopsFile = ../secrets.yaml;
+ };
+ services.ddclient = {
+ enable = true;
+ interval = "1min";
+ protocol = "duckdns";
+ server = "www.duckdns.org";
+ username = "nouser";
+ passwordFile = config.sops.secrets.duckdns-secret.path;
+ domains = [ "jalr-bw" ];
+ use = "if, if=enp4s5";
+ #usev6=ifv6, ifv6=enp3s4
+ };
+}
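Review bot: The transport for the DuckDNS token is left to the module default: nothing in the `services.ddclient` block states that the update sent to `www.duckdns.org` must use TLS, and because the token read from `passwordFile` is the only credential for the domain I would pin it with `ssl = true;`. `username = "nouser"` looks like a placeholder for a token-only protocol and deserves a comment such as `# DuckDNS authenticates by token; the login value is not used` (confirm against ddclient's duckdns handling). The commented-out `#usev6=ifv6, ifv6=enp3s4` names a different interface from the active `use` line (`enp4s5`); either delete it or replace it with a note saying whether IPv6 updates are intended and on which interface.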