From e48ba8e6598a7db8b2720f4fb62c683a7d13840e Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 15 Dec 2024 11:21:54 -0800
Subject: run `ddns-updater' on `vm-synology'

It has a small UI and the configuration with the secrets is managed
with `agenix'.
---
 nix/machines/vm-synology/ddns.nix | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 nix/machines/vm-synology/ddns.nix

(limited to 'nix/machines/vm-synology/ddns.nix')

diff --git a/nix/machines/vm-synology/ddns.nix b/nix/machines/vm-synology/ddns.nix
new file mode 100644
index 0000000..df59793
--- /dev/null
+++ b/nix/machines/vm-synology/ddns.nix
@@ -0,0 +1,21 @@
+{ ... }: {
+  age.secrets.ddns-updater = {
+    file = ../../../secrets/ddns-updater.age;
+    owner = "root";
+    group = "root";
+    mode = "600";
+  };
+
+  # https://github.com/NixOS/nixpkgs/blob/e028379cfb9d92e49120e46045042998dfed87d0/nixos/modules/services/networking/ddns-updater.nix#
+  services.ddns-updater = {
+    enable = true;
+    environment = {
+      RESOLVER_ADDRESS = "8.8.8.8:53";
+      CONFIG_FILEPATH = "%d/config.json";
+    };
+  };
+
+  # https://systemd.io/CREDENTIALS/
+  systemd.services.ddns-updater.serviceConfig.LoadCredential =
+    "config.json:/run/agenix/ddns-updater";
+}
-- 
cgit 1.4.1