dadada/nix-config
dadada/nix-config
1
0
Fork 0
Code Issues 2 Pull requests 5 Projects Releases Packages Wiki Activity Actions 2
nix-config/nixos/modules/ddns.nix
Tim Schubert 1402ee13cc
chore: reformat
2025-06-03 20:04:44 +02:00

94 lines
2.4 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.dadada.ddns;
ddnsConfig =
{
domains,
credentialsPath,
interface,
}:
{
systemd.timers = listToAttrs (
forEach domains (
domain:
nameValuePair "ddns-${domain}" {
wantedBy = [ "timers.target" ];
partOf = [ "ddns-${domain}.service" ];
timerConfig.OnCalendar = "hourly";
}
)
);
systemd.services = listToAttrs (
forEach domains (
domain:
nameValuePair "ddns-${domain}" {
serviceConfig = {
Type = "oneshot";
PrivateTmp = true;
PrivateDevices = true;
PrivateUsers = true;
PrivateMounts = true;
PrivateIPC = true;
ProtectHome = true;
ProtectSystem = "strict";
ProtectKernelTunables = true;
BindReadOnlyPaths = [ credentialsPath ];
NoNewPrivileges = true;
CapabilitBoundingSet = [ ];
};
script = ''
function url() {
echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3"
}
IFS=':'
read -r user password < ${credentialsPath}
unset IFS
curl_url=$(url "$user" "$password" ${domain})
${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${
if interface == null then "" else "--interface ${interface}"
} || true
${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${
if interface == null then "" else "--interface ${interface}"
}
'';
}
)
);
};
in
{
options = {
dadada.ddns.domains = mkOption {
type = types.listOf types.str;
description = ''
Enables DDNS for these domains.
'';
example = ''
[ "example.com" ]
'';
default = [ ];
};
dadada.ddns.credentialsPath = mkOption {
type = types.path;
description = "Credentials file";
default = "/var/lib/ddns/credentials";
};
dadada.ddns.interface = mkOption {
type = types.nullOr types.str;
description = "Source interface to use";
default = null;
};
};
config = with cfg; ddnsConfig { inherit domains interface credentialsPath; };
}
Reference in a new issue View git blame Copy permalink