From 797261aad16f362ce630defb4dab49dc42cf3348 Mon Sep 17 00:00:00 2001
From: Felix Buehler <account@buehler.rocks>
Date: Sun, 4 Jun 2023 17:17:35 +0200
Subject: [PATCH] service/dyndns: migrate from serverle

---
 machines/serverle/configuration.nix |  1 -
 machines/serverle/dyndns.nix        | 11 ----------
 machines/serverle/secrets.yaml      |  6 +++--
 machines/serverle/services.nix      |  6 +++++
 modules/services/default.nix        |  1 +
 modules/services/dyndns/default.nix | 34 +++++++++++++++++++++++++++++
 6 files changed, 45 insertions(+), 14 deletions(-)
 delete mode 100644 machines/serverle/dyndns.nix
 create mode 100644 modules/services/dyndns/default.nix

diff --git a/machines/serverle/configuration.nix b/machines/serverle/configuration.nix
index e42a116..c520e52 100644
--- a/machines/serverle/configuration.nix
+++ b/machines/serverle/configuration.nix
@@ -3,7 +3,6 @@
   imports = [
     ./hardware-configuration.nix
     ./disks.nix
-    ./dyndns.nix
     ./network.nix
     ./services.nix
     ./syncthing.nix
diff --git a/machines/serverle/dyndns.nix b/machines/serverle/dyndns.nix
deleted file mode 100644
index 46ec15f..0000000
--- a/machines/serverle/dyndns.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-  services.ddclient = {
-    enable = true;
-    server = "dyndns.inwx.com";
-    username = "Stunkymonkey-dyndns";
-    passwordFile = "/root/.dyndns_password";
-    domains = [ "serverle.stunkymonkey.de" ];
-    ipv6 = true;
-  };
-}
diff --git a/machines/serverle/secrets.yaml b/machines/serverle/secrets.yaml
index 4240f26..b435e7d 100644
--- a/machines/serverle/secrets.yaml
+++ b/machines/serverle/secrets.yaml
@@ -16,6 +16,8 @@ sso:
         totp-secret: ENC[AES256_GCM,data:J60zceMAWdUuUIHyV57mcEatt5zhbMatvL+Z0NBoEJyDG2u9MornLJju/+AoBUq/erbY4Z/ymlI=,iv:kUBIGMy1yDQ8Vc6GvxmGGqgQ341Lfvmq+Q/DCTHiT0k=,tag:fzCvUmnKuioArq7ObFwDUA==,type:str]
 acme:
     inwx: ENC[AES256_GCM,data:yf1Xi0YOSUMfTd91NCjMUD7uMPzFjK7wfsxnDeIXBfd1U0hopemF6KBDYVLIP7NrTDz+wGWCqvgO3w8FjfWjCgtcqw==,iv:4HOFyvuhCDTSFGgEqbdVmC8pDpf/CpapDaSUwwRZOGI=,tag:ynQxQS1VzpqCJZOfUP0Bwg==,type:str]
+dyndns:
+    password: ENC[AES256_GCM,data:WsgT4Un6/yirszfONzhYQDT66arEdmzkeA==,iv:9IbyEwX8DvJMfW3XaUaObmsD8mZCr1eQo7MglGn8dl0=,tag:XM0Qf4KbdkercBvpEwJdtg==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -40,8 +42,8 @@ sops:
             a1BjcjVaM01UV0o5bTFTVTE5QUZKMmsKPAGYDf1FVtp4+Z/KUrI6z0aZYEwN1DYa
             jKtA1IUXrmdaRllN0SfC+YjMXTk7IoJvrjagCv9Zo0zEKasfO8PL4g==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-02-21T22:00:55Z"
-    mac: ENC[AES256_GCM,data:pdoMUpMymTqJJ2GSjtu8PTsF8xx10mY7bTunpRdk2YJOtaes2urYWdH7jmX3NszqYeD0cY8KWAVgOgQxdGI1PW9uy+Xt7aiYDeaxDoYo2yot+5zj8lyV/ncAPRDEn5exGi7AmbJh6Wo84aS27AhMGC6KSJfRQx/uZMQqIvxFQlw=,iv:pexQtkKgjoBJnZMsR16hCc2hhaIo7TsezKgx2if3Wwo=,tag:3eTABZYlb+hh17EmhRBspg==,type:str]
+    lastmodified: "2023-06-04T14:25:20Z"
+    mac: ENC[AES256_GCM,data:vHbLSsIFoathXRhvEIlJZyPQr/nKguel72hiaCP0Z/jjrtr+2imFWTPzi4BxRIHJwybITh59ytxDBm3cxXuN0GbBsSVHjYAp5oLqiQHWyjWQsJpE8ITP/0W61lNGeVAzixntgz/QJKqavXs0duEDSqqw+7+fULo6Xzx794vnY1M=,iv:MTpTnDRRhPnV2e6xX42juXciWIbYtbIzy6GC+aYj9Gc=,tag:8e3uGqwW2CZnrQartHb5DQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3
diff --git a/machines/serverle/services.nix b/machines/serverle/services.nix
index 6a88ca5..f51aaf1 100644
--- a/machines/serverle/services.nix
+++ b/machines/serverle/services.nix
@@ -7,6 +7,7 @@ in
   sops.secrets."acme/inwx" = { };
   sops.secrets."borgbackup/password" = { };
   sops.secrets."borgbackup/ssh_key" = { };
+  sops.secrets."dyndns/password" = { };
   sops.secrets."sso/auth-key" = { };
   sops.secrets."sso/felix/password-hash" = { };
   sops.secrets."sso/felix/totp-secret" = { };
@@ -20,6 +21,11 @@ in
       sshKeyFile = secrets."borgbackup/ssh_key".path;
     };
 
+    dyndns = {
+      enable = true;
+      passwordFile = secrets."dyndns/password".path;
+    };
+
     prowlarr = {
       enable = true;
     };
diff --git a/modules/services/default.nix b/modules/services/default.nix
index edbfa6e..e57fcfa 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -6,6 +6,7 @@
     ./backup
     ./bazarr
     ./blocky
+    ./dyndns
     ./freshrss
     ./gitea
     ./grafana
diff --git a/modules/services/dyndns/default.nix b/modules/services/dyndns/default.nix
new file mode 100644
index 0000000..afedb34
--- /dev/null
+++ b/modules/services/dyndns/default.nix
@@ -0,0 +1,34 @@
+# running dyndns updates
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.dyndns;
+  domain = config.networking.domain;
+in
+{
+  options.my.services.dyndns = with lib; {
+    enable = mkEnableOption "Dyndns";
+
+    username = mkOption {
+      type = types.str;
+      description = "Username for the dyndns.";
+      example = "admin";
+      default = "Stunkymonkey-dyndns";
+    };
+    passwordFile = mkOption {
+      type = types.path;
+      description = "Password for the username for dyndns.";
+      example = "/run/secrets/freshrss";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.ddclient = {
+      enable = true;
+      server = "dyndns.inwx.com";
+      username = cfg.username;
+      passwordFile = cfg.passwordFile;
+      domains = [ "serverle.${domain}" ];
+      ipv6 = true;
+    };
+  };
+}