kylekrein/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
nixos-config/systems/x86_64-linux/stargate/duckdns.nix

45 lines
1.5 KiB
Nix
Raw Blame History

{
lib,
pkgs,
config,
...
}: {
sops.secrets."duckdns" = {};
systemd.timers."duckdns" = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "5m";
Unit = "duckdns.service";
};
};
systemd.services."duckdns" = {
script = let
duckdns = pkgs.writeShellScriptBin "duckdns" ''
TOKEN=$(${pkgs.coreutils}/bin/cat ${config.sops.secrets."duckdns".path})
REALV6=$(${pkgs.iproute2}/bin/ip -6 addr show dev enp3s0 scope global \
| ${pkgs.gawk}/bin/awk '/inet6 2/{print $2}' \
| ${pkgs.coreutils}/bin/cut -d/ -f1 \
| ${pkgs.gnugrep}/bin/grep -E 'f9c4$' \
| ${pkgs.coreutils}/bin/head -n1)
REALV4=$(${pkgs.curl}/bin/curl -s https://ifconfig.me --ipv4)
${pkgs.coreutils}/bin/echo url="https://www.duckdns.org/update?domains=kylekrein&token=$TOKEN&ipv6=$REALV6&ip=$REALV4" | ${pkgs.curl}/bin/curl -k -K -
${pkgs.coreutils}/bin/mkdir -p /etc/fail2ban/jail.d
${pkgs.coreutils}/bin/cat > /etc/fail2ban/jail.d/duckdns-ignore.local <<EOF
[DEFAULT]
ignoreip = 127.0.0.1/8 ::1 192.168.178.1/24 91.99.0.169 $REALV4 $REALV6
EOF
'';
in ''
set -eu
out=$(${duckdns}/bin/duckdns)
${pkgs.coreutils}/bin/echo "Sent new IP Address to DuckDNS: $out"
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}
Reference in a new issue View git blame Copy permalink