From 7a8203e58c26f9533d2a7195ab1ae6d8b51ec812 Mon Sep 17 00:00:00 2001
From: dadada <dadada@dadada.li>
Date: Wed, 21 Jun 2023 15:04:41 +0200
Subject: [PATCH] use backup VLAN and configure DDNS

---
 nixos/ninurta/configuration.nix | 23 +++++++++++++++++++++++
 secrets/ddns-credentials.age    | 11 +++++++++++
 secrets/secrets.nix             |  1 +
 3 files changed, 35 insertions(+)
 create mode 100644 secrets/ddns-credentials.age

diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix
index 1217619..f128c54 100644
--- a/nixos/ninurta/configuration.nix
+++ b/nixos/ninurta/configuration.nix
@@ -76,6 +76,8 @@ in
   };
 
   dadada.ddns.domains = [ "backup1.dadada.li" ];
+  dadada.ddns.credentialsPath = config.age.secrets."ddns-credentials".path;
+  dadada.ddns.interface = "backup";
 
   dadada.borgServer = {
     enable = true;
@@ -118,6 +120,11 @@ in
     location = "/var/backup/postgresql";
   };
 
+  age.secrets."ddns-credentials" = {
+    file = "${secretsPath}/ddns-credentials.age";
+    mode = "400";
+  };
+
   age.secrets."ninurta-backup-passphrase" = {
     file = "${secretsPath}/ninurta-backup-passphrase.age";
     mode = "400";
@@ -241,6 +248,10 @@ in
         matchConfig.Name = "enp*";
         linkConfig.MACAddressPolicy = "persistent";
       };
+      "20-backup" = {
+        matchConfig.Name = "backup";
+        linkConfig.MACAddressPolicy = "persistent";
+      };
     };
     networks = {
       "10-wlan" = {
@@ -256,6 +267,11 @@ in
         networkConfig.DHCP = "ipv4";
         linkConfig.RequiredForOnline = "routable";
       };
+      "20-backup" = {
+        matchConfig.Name = "backup";
+        networkConfig.DHCP = "ipv4";
+        linkConfig.RequiredForOnline = false;
+      };
       "10-hydra" = {
         matchConfig.Name = "hydra";
         address = [ "10.3.3.3/24" ];
@@ -316,6 +332,13 @@ in
           };
         }];
       };
+      "20-backup" = {
+        netdevConfig = {
+          Name = "backup";
+          Kind = "vlan";
+        };
+        vlanConfig.Id = 13;
+      };
     };
   };
 
diff --git a/secrets/ddns-credentials.age b/secrets/ddns-credentials.age
new file mode 100644
index 0000000..f7b00b0
--- /dev/null
+++ b/secrets/ddns-credentials.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 J6ROvw BhBy5hKm+udUmCgQOhVnFFaGSGOOKqxOkaZUcp7Wy3k
+itvOOCUKNo0IseolH//6Uj1zEDt207HleT1YWnDogAg
+-> ssh-ed25519 Otklkw /5YCYZwTZ//JfGJzIIizcwhqem1P/ZTDdhJFfEjQQX4
+z7WS/uHDKGyuUP+ZKVVVc8b4bybsaQH6XrxOO3vOg1Q
+-> n\fdBI(-grease -PZuR<|s w,[Y J* h~
+mwA80O5+Q8KqYJSYneiqKcP5tbDgA0GI9AuDOjbFPFcb8evizd0RJxHdw9lDtIf1
+EBddBaL+m0/JjzvGE+Y
+--- ybCpT9fTz498c//mW49ziO5Qcpl+hJGly/qm9lzZR4s
+���7#��:EP�b5�2��@��K�U���VM��UAP_��J
x���0>��3 �
+���-�f���
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index fe31719..3cdc77b 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -23,6 +23,7 @@ in
   "paperless.age".publicKeys = [ systems.gorgon dadada ];
   "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
   "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
+  "ddns-credentials.age".publicKeys = [ systems.ninurta dadada ];
 } //
 backupSecrets "ninurta" //
 backupSecrets "gorgon" //