nixos-configuration/hosts/iron/services/dyndns.nix

{ config, lib, pkgs, ... }:
let
  interfaces = import ../interfaces.nix;

  mkService = config:
    lib.mapAttrs'
      (name: cfg: lib.nameValuePair "godns-${name}" (
        let
          config = cfg.settings // {
            login_token_file = "$CREDENTIALS_DIRECTORY/login_token";
          };
          configFile = (pkgs.formats.yaml { }).generate "config.yaml" config;
        in
        {
          description = "GoDNS service";
          wantedBy = [ "multi-user.target" ];
          after = [ "network.target" ];
          serviceConfig = {
            DynamicUser = true;
            ExecStart = "${lib.getExe pkgs.godns} -c ${configFile}";
            LoadCredential = "login_token:${cfg.tokenPath}";
            Restart = "always";
            RestartSec = "2s";
          };
        }
      ))
      config;
in
{
  systemd.services = mkService {
    ip4 = {
      tokenPath = config.sops.secrets.duckdns-secret.path;
      settings = {
        provider = "DuckDNS";
        domains = [{ domain_name = "www.duckdns.org"; sub_domains = [ "jalr-bw" ]; }];
        resolver = "8.8.8.8";
        ip_interface = interfaces.wan;
        ip_urls = [ "" ];
        ip_type = "IPv4";
        interval = 60;
      };
    };
    ip6 = {
      tokenPath = config.sops.secrets.duckdns-secret.path;
      settings = {
        provider = "DuckDNS";
        domains = [{ domain_name = "www.duckdns.org"; sub_domains = [ "jalr-bw" ]; }];
        resolver = "2001:4860:4860::8888";
        ip_interface = interfaces.lan;
        ip_urls = [ "" ];
        ip_type = "IPv6";
        interval = 60;
      };
    };
  };
}