authorFranck Cuny <franck@fcuny.net>2024-12-15 11:21:54 -0800
committerFranck Cuny <franck@fcuny.net>2024-12-15 11:21:54 -0800
commite48ba8e6598a7db8b2720f4fb62c683a7d13840e (patch)
tree1ce5b925249bebf38a3d3ce98b2f88e2b32556e4
parentadd recipe to edit secret (diff)
downloadworld-e48ba8e6598a7db8b2720f4fb62c683a7d13840e.tar.gz
run `ddns-updater' on `vm-synology'
It has a small UI and the configuration with the secrets is managed
with `agenix'.
-rw-r--r--README.md6
-rw-r--r--README.org7
-rw-r--r--nix/machines/vm-synology/ddns.nix21
-rw-r--r--nix/machines/vm-synology/default.nix2
-rw-r--r--secrets/ddns-updater.agebin0 -> 839 bytes
-rw-r--r--secrets/secrets.nix5
6 files changed, 33 insertions, 8 deletions
diff --git a/README.md b/README.md
deleted file mode 100644
index ece55f0..0000000
--- a/README.md
+++ /dev/null
@@ -1,6 +0,0 @@
-Tools, scripts, and configurations for my machines.
-
-## Linux VM
-
-- using UTM
-- deploy by running `nixos-rebuild switch --flake ".#vm"` on the VM
diff --git a/README.org b/README.org
new file mode 100644
index 0000000..377e658
--- /dev/null
+++ b/README.org
@@ -0,0 +1,7 @@
+Tools, scripts, and configurations for my machines.
+
+* Services
+** ddns-updater
+This service runs on =vm-synology=.
+
+There's a web UI accessible at http://vm-synology:8000
diff --git a/nix/machines/vm-synology/ddns.nix b/nix/machines/vm-synology/ddns.nix
new file mode 100644
index 0000000..df59793
--- /dev/null
+++ b/nix/machines/vm-synology/ddns.nix
@@ -0,0 +1,21 @@
+{ ... }: {
+  age.secrets.ddns-updater = {
+    file = ../../../secrets/ddns-updater.age;
+    owner = "root";
+    group = "root";
+    mode = "600";
+  };
+
+  # https://github.com/NixOS/nixpkgs/blob/e028379cfb9d92e49120e46045042998dfed87d0/nixos/modules/services/networking/ddns-updater.nix#
+  services.ddns-updater = {
+    enable = true;
+    environment = {
+      RESOLVER_ADDRESS = "8.8.8.8:53";
+      CONFIG_FILEPATH = "%d/config.json";
+    };
+  };
+
+  # https://systemd.io/CREDENTIALS/
+  systemd.services.ddns-updater.serviceConfig.LoadCredential =
+    "config.json:/run/agenix/ddns-updater";
+}
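Review bot: The `LoadCredential` value hard-codes `/run/agenix/ddns-updater`, duplicating the decrypted-secret path instead of deriving it from the `age.secrets.ddns-updater` declaration at the top of the file; if the secrets directory or the secret name ever changes, the unit would presumably fail to load its credential. Take `config` in the module arguments (`{ config, ... }: {`) and write `"config.json:${config.age.secrets.ddns-updater.path}";`. The secret is only read here, so `mode = "0400"` would be enough instead of `"600"`. The hunk sets no listening address or firewall rule for the web UI, so it is worth confirming that port 8000 is reachable only from the networks you intend.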
diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix
index 8af114b..690e474 100644
--- a/nix/machines/vm-synology/default.nix
+++ b/nix/machines/vm-synology/default.nix
@@ -1,5 +1,5 @@
 { ... }: {
-  imports = [ ./hardware.nix ../vm-shared.nix ];
+  imports = [ ./hardware.nix ../vm-shared.nix ./ddns.nix ];
 
   # Use the systemd-boot EFI boot loader.
   boot.loader.systemd-boot.enable = true;
diff --git a/secrets/ddns-updater.age b/secrets/ddns-updater.age
new file mode 100644
index 0000000..d457178
--- /dev/null
+++ b/secrets/ddns-updater.age
Binary files differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 69c15f3..a2ea4c7 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -9,4 +9,7 @@ let
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K";
   systems = [ vm-aarch64 vm-synology ];
 in
-{ "restic-backups.age".publicKeys = [ fcuny vm-synology ]; }
+{
+  "restic-backups.age".publicKeys = [ fcuny vm-synology ];
+  "ddns-updater.age".publicKeys = users ++ [ vm-synology ];
+}
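Review bot: The new `"ddns-updater.age"` entry encrypts to `users ++ [ vm-synology ]` while the neighbouring `"restic-backups.age"` entry lists `[ fcuny vm-synology ]` explicitly, so the two secrets follow different recipient conventions and the new one can be decrypted by every key in `users`. `users` is defined in the `let` block above the hunk, so its contents are not visible here; if it holds more than `fcuny`, consider `"ddns-updater.age".publicKeys = [ fcuny vm-synology ];` to keep the recipient set minimal. If `users` is the intended convention, a short comment such as `# recipients: all admin users plus the host running the service` would make that explicit.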