Server

systems/x86_64-linux/kylekrein-server/default.nix

@@ -115,6 +115,7 @@ with lib.custom; {
   services.gitlab = {
     enable = true;
     host = "gitlab.kylekrein.com";
+    https = true;
     port = 443;
     #statePath = "/persist/gitlab/state";
     backup.startAt = "3:00";

systems/x86_64-linux/stargate/default.nix

@@ -78,6 +78,22 @@ in {
       extraArgs = ["--sshoption=StrictHostKeyChecking=off"];
     };
   };
+  sops.secrets."duckdns" = {mode = "777";};
+  services.cron = {
+    enable = true;
+    systemCronJobs = [
+      "*/5 * * * * ${lib.getExe (pkgs.writeShellScriptBin "duckdns" ''
+        TOKEN=$(cat ${config.sops.secrets."duckdns".path})
+        REALV6=$(ip -6 addr show dev enp3s0 scope global \
+         | awk '/inet6 2/{print $2}' \
+         | cut -d/ -f1 \
+         | grep -E 'f9c4$' \
+         | head -n1)
+        REALV4=$(curl -s https://ifconfig.me --ipv4)
+        echo url="https://www.duckdns.org/update?domains=kylekrein&token=$TOKEN&ipv6=$REALV6&ip=$REALV4" | curl -k -K -
+      '')} >/dev/null 2>&1"
+    ];
+  };
 
   custom.presets.disko.impermanenceBtrfsLuks = {
     enable = true;

systems/x86_64-linux/stargate/services/nextcloud.nix

@@ -22,5 +22,6 @@ with lib.custom; {
       adminpassFile = config.sops.secrets."services/nextcloud".path;
     };
     hostName = "nextcloud.kylekrein.com";
+    https = true;
   };
 }

systems/x86_64-linux/stargate/services/nginx.nix

@@ -64,6 +64,11 @@ in {
         };
       };
 
+      "${config.services.nextcloud.hostName}" = {
+        enableACME = true;
+        forceSSL = true;
+      };
+
       "ntfy.kylekrein.com" = {
         enableACME = true;
         forceSSL = true;