
3 commits

Author SHA1 Message Date
fruchti 1a543d6067 Replace ddclient with shell script 2023-06-23 19:56:35 +02:00
fruchti d3f89fee9e Update Nextcloud 2023-06-23 19:56:14 +02:00
fruchti d989008ad7 Rupert: Fix warnings for 23.05 2023-06-23 19:55:52 +02:00
5 changed files with 106 additions and 21 deletions


@ -73,8 +73,10 @@ in
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
forwardX11 = true; settings = {
passwordAuthentication = false; # ForwardX11 = true;
PasswordAuthentication = false;
};
}; };
services.avahi.enable = true; services.avahi.enable = true;
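Review bot: `PasswordAuthentication = false;` on its own may still leave keyboard-interactive (PAM) password prompts available, so if only key-based logins are intended, add `KbdInteractiveAuthentication = false;` next to it in `settings`. The commented-out `# ForwardX11 = true;` uses the client-side (ssh_config) name; the sshd directive is `X11Forwarding`, so the line would not work if it were simply uncommented. Either delete the comment or write `X11Forwarding = true;` if forwarding is still needed; leaving it off is the safer default.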


@ -1,9 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
definedInPersonalDotNix = lib.mkDefault (throw "Configuration option missing from personal.nix"); interface = "enp3s0";
getipv6 = pkgs.writeText "getipv6.sh" ''
${pkgs.nettools}/bin/ifconfig enp3s0 | sed -n -E 's/^\ *inet6 (2001(:[0-9a-f]+)+)\ .*$/\1/p'
'';
in in
{ {
networking.tempAddresses = "disabled"; networking.tempAddresses = "disabled";
@ -15,7 +12,7 @@ in
slaac hwaddr slaac hwaddr
noipv4ll noipv4ll
interface enp3s0 interface ${interface}
static ip_address=192.168.178.43/24 static ip_address=192.168.178.43/24
static routers=192.168.178.1 static routers=192.168.178.1
static domain_name_servers=192.168.178.1 8.8.8.8 static domain_name_servers=192.168.178.1 8.8.8.8
@ -24,19 +21,9 @@ in
''; '';
}; };
services.ddclient = { services.dyndns = {
enable = true; enable = true;
verbose = true; interface = interface;
use = "cmd, cmd='${pkgs.bash}/bin/bash ${getipv6}'"; passwordFile = "/secrets/dyndns_password_${config.services.dyndns.username}.txt";
domains = [
((lib.toLower config.networking.hostName) + ".gvfr.de")
];
ipv6 = true;
server = definedInPersonalDotNix;
username = definedInPersonalDotNix;
passwordFile = "/secrets/dyndns_password_${config.services.ddclient.username}.txt";
extraConfig = ''
wildcard=no
'';
}; };
} }
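Review bot: The new `services.dyndns` block sets only `enable`, `interface` and `passwordFile`, while `domain`, `server` and `username` have no defaults in options/dyndns.nix and the `definedInPersonalDotNix` throw that explained where they come from is removed. A missing value will now surface as a generic "option used but not defined" error, so a short comment such as `# domain, server and username are set in personal.nix` above the block would keep that hint (assuming personal.nix is still where they live; it is not shown here). Note also that the domain was previously derived from `networking.hostName` plus `.gvfr.de` and is now supplied verbatim.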


@ -6,7 +6,7 @@ in
services.nextcloud = { services.nextcloud = {
enable = true; enable = true;
https = true; https = true;
package = pkgs.nextcloud25; package = pkgs.nextcloud26;
hostName = hostName; hostName = hostName;
datadir = "/data/nextcloud"; datadir = "/data/nextcloud";
config = { config = {


@ -6,5 +6,6 @@
./auto-upgrade.nix ./auto-upgrade.nix
./status-email.nix ./status-email.nix
./btrfs-scrub.nix ./btrfs-scrub.nix
./dyndns.nix
]; ];
} }

95
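--- /dev/null
+++ b/options/dyndns.nix
@@ -0,0 +1,95 @@
+{ pkgs, lib, config, ... }:
+let
+cfg = config.services.dyndns;
+in
+{
+options.services.dyndns = {
+enable = lib.mkEnableOption "Update DNS AAAA records via dyndns";
+interface = lib.mkOption {
+type = lib.types.str;
+description = "Identifier of the network interface to use";
+};
+domain = lib.mkOption {
+type = lib.types.str;
+description = "Domain name to update";
+};
+server = lib.mkOption {
+type = lib.types.str;
+description = "DynDNS server name";
+};
+username = lib.mkOption {
+type = lib.types.str;
+description = "Username for DynDNS updates";
+};
+passwordFile = lib.mkOption {
+type = lib.types.str;
+description = "File containing the DynDNS password";
+};
+};
+config = lib.mkIf cfg.enable {
+systemd.services.dyndns = {
+enable = true;
+after = [ "network.target" ];
+unitConfig = {
+Description = "Update AAAA records for ${cfg.domain} via DynDNS";
+};
+serviceConfig = {
+DynamicUser = true;
+PrivateTmp = true;
+PrivateDevices = true;
+ProtectSystem = true;
+ProtectHome = true;
+NoNewPrivileges = true;
+};
+script = ''
+#!${pkgs.bash}/bin/bash
+set -eu
+host="${cfg.domain}"
+interface="${cfg.interface}"
+dyndns_server="${cfg.server}"
+dyndns_user="${cfg.username}"
+dyndns_password="$(cat "${cfg.passwordFile}")"
+new_ip=$(${pkgs.iproute}/bin/ip -6 a show scope global -temporary dev "$interface" | ${pkgs.gnused}/bin/sed -n -E 's/^\ *inet6\ (2001(:[0-9a-f]+)+).*$/\1/p' | head -1)
+if [ -z "$new_ip" ] ; then
+echo "Could not determine IP address."
+exit 1
+fi
+current_ip=$(${pkgs.dig}/bin/dig aaaa +short "$host")
+if [ -z "$current_ip" ] ; then
+echo "Could not determine current AAAA record."
+exit 1
+fi
+if [ "$current_ip" = "$new_ip" ] ; then
+echo "Current AAAA record is already $current_ip, no update needed."
+exit 0
+fi
+echo "Updating IP to $new_ip."
+${pkgs.curl}/bin/curl "https://$dyndns_user:$dyndns_password@$dyndns_server/?hostname=$host&myip=$new_ip"
+'';
+};
+systemd.timers.dyndns = {
+description = "Timer for triggering DynDNS updates";
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnBootSec = "2min";
+OnUnitActiveSec = "20min";
+Unit = "dyndns.service";
+};
+};
+};
+}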
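Review bot: The final `curl` call in `script` puts the DynDNS username and password into the URL on the command line, where they are visible in the process list to other local users, and the password is not URL-encoded. Because the unit runs with `DynamicUser = true`, the `cat "${cfg.passwordFile}"` line presumably also requires the secret under /secrets to be readable by an arbitrary UID; `LoadCredential` would let systemd hand the file to the service while it stays root-only. `curl` is also called without `--fail`, so an HTTP error from the DynDNS server still ends the unit successfully. The sketch below passes the credentials over stdin instead, and assumes the password contains no `"` or `\`, which would need escaping in curl's config syntax.

```nix
serviceConfig = {
  DynamicUser = true;
  # … unchanged: PrivateTmp, PrivateDevices, ProtectSystem, ProtectHome, NoNewPrivileges …
  LoadCredential = "password:${cfg.passwordFile}";
};
script = ''
  # … unchanged: set -eu, host/interface/server/user variables …
  dyndns_password="$(cat "$CREDENTIALS_DIRECTORY/password")"
  # … unchanged: new_ip / current_ip lookup and comparison …
  printf 'user = "%s:%s"\n' "$dyndns_user" "$dyndns_password" \
    | ${pkgs.curl}/bin/curl --fail --silent --show-error --config - \
        --get --data-urlencode "hostname=$host" --data-urlencode "myip=$new_ip" \
        "https://$dyndns_server/"
'';
```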