diff --git a/system-modules/nx2site.nix b/system-modules/nx2site.nix
index b8526f3..193b5f1 100644
--- a/system-modules/nx2site.nix
+++ b/system-modules/nx2site.nix
@@ -29,191 +29,78 @@ let dns-user = "cloudflare"; in Unit = "dynamic-dns.service"; }; }; - services."dynamic-dns" = let - u = let - account_id = secrets.email.gmail-online.mail; - zone_id = "33fecab36e060f49d492127345ea95a0"; - record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: @gmail.com' --header "X-Auth-Key: " -s | jq - base = "58d3412e8d88889d1a611b3669f0700f"; - base6 = "d1b90e21d2d747dcb30448bd65312927"; - sub = "fc861353142bc05d5dbad1799178e6a1"; - sub6 = "b8082b7afe9e80971fc9f9dda16ec284"; - ssh = "c0f14f17f32d6595c202f041dd836eb3"; - ssh6 = "f1ecb2d9d0522d4eec06437688ca76da"; - }; - passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; - log-file-path = "/var/log/couldflare.log"; - count-file-path = "/var/log/cloudflare-count.txt"; - in pkgs.writers.writePython3Bin "dyn_dns" { - libraries = with pkgs.python311Packages; [ requests ]; - flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303" ]; - } /* python */ '' - import requests - import subprocess - # from datetime import datetime + services."dynamic-dns" = { + script = let + dyn-dns = let + account_id = secrets.email.gmail-online.mail; + zone_id = "33fecab36e060f49d492127345ea95a0"; + record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: @gmail.com' --header "X-Auth-Key: " -s | jq + base = "58d3412e8d88889d1a611b3669f0700f"; + base6 = "d1b90e21d2d747dcb30448bd65312927"; + sub = "fc861353142bc05d5dbad1799178e6a1"; + sub6 = "b8082b7afe9e80971fc9f9dda16ec284"; + ssh = "c0f14f17f32d6595c202f041dd836eb3"; + ssh6 = "f1ecb2d9d0522d4eec06437688ca76da"; + }; + passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; + in pkgs.writers.writePython3Bin 
"dyn_dns" { + libraries = with pkgs.python3Packages; [ requests ]; + flakeIgnore = [ "E302" "E305" "E226" "E501" "E261" ]; + } /* python */ '' +import requests +import subprocess - def get_public_ip(ipv6=False): - return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() +def get_public_ip(ipv6: bool = False) -> str: + return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() - def main(): - my_ip = get_public_ip() - my_ip6 = get_public_ip(ipv6=True) +def update_record(record_id: str, record_name: str, ip: str, type: str, proxied: bool, pw: str) -> None: + return requests.patch( + f'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/{record_id}', + headers={ + 'Content-Type': 'application/json', + 'X-Auth-Email': '${account_id}', + 'X-Auth-Key': pw + }, + json={ + "comment": "Domain verification record", + "name": record_name, + "proxied": proxied, + "settings": {}, + "tags": [], + "ttl": 1, # automatic + "content": ip, + "type": type + } + ) - # with open("${count-file-path}", "r") as f: - # content = f.read() - # if content == "": count = 0 - # else: count = int(content) - # count += 1 - # with open("${count-file-path}", "w") as f: - # f.write(str(count)) +def main(): + my_ip = get_public_ip() + my_ip6 = get_public_ip(ipv6=True) - # 4 - with open("${passord-file-path}", 'r') as pw_file: - pw = pw_file.read().strip() + with open("${passord-file-path}", 'r') as pw_file: + pw = pw_file.read().strip() - # Perform DNS updates - # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record - resp_base = requests.patch( - 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}', - headers={ - 'Content-Type': 'application/json', - 'X-Auth-Email': '${account_id}', - 'X-Auth-Key': pw - }, - json={ - "comment": "Domain 
verification record", - "name": "${domain}", - "proxied": True, - "settings": {}, - "tags": [], - "ttl": 1, # automatic - "content": my_ip, - "type": "A" - } - ) + # Perform DNS updates + # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record + r = update_record(record_id="${record_id.base}", record_name="${domain}", ip=my_ip, type="A", proxied=True, pw=pw) + _ = update_record(record_id="${record_id.sub}", record_name="*.${domain}", ip=my_ip, type="A", proxied=True, pw=pw) + _ = update_record(record_id="${record_id.ssh}", record_name="ssh.${domain}", ip=my_ip, type="A", proxied=False, pw=pw) - resp_subd = requests.patch( - 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}', - headers={ - 'Content-Type': 'application/json', - 'X-Auth-Email': '${account_id}', - 'X-Auth-Key': pw - }, - json={ - "comment": "Domain verification record", - "name": "*.${domain}", - "proxied": True, - "settings": {}, - "tags": [], - "ttl": 1, # automatic - "content": my_ip, - "type": "A" - } - ) + if r.status_code != 200: + print(r.text) - resp_sshd = requests.patch( - 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh}', - headers={ - 'Content-Type': 'application/json', - 'X-Auth-Email': '${account_id}', - 'X-Auth-Key': pw - }, - json={ - "comment": "Domain verification record", - "name": "ssh.${domain}", - "proxied": False, - "settings": {}, - "tags": [], - "ttl": 1, # automatic - "content": my_ip, - "type": "A" - } - ) + r = update_record(record_id="${record_id.base6}", record_name="${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw) + _ = update_record(record_id="${record_id.sub6}", record_name="*.${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw) + _ = update_record(record_id="${record_id.ssh6}", record_name="ssh.${domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw) - if resp_base.status_code != 200: - print(resp_base.text) + if r.status_code != 200: + print(r.text) - 
- # now_str = datetime.now().strftime('%Y/%m/%d-%R') - # log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n" - # print(log_entry, end="") - # with open("${log-file-path}", 'a') as log_file: - # log_file.write(log_entry) - - # Perform DNS updates - # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record - resp_base = requests.patch( - 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}', - headers={ - 'Content-Type': 'application/json', - 'X-Auth-Email': '${account_id}', - 'X-Auth-Key': pw - }, - json={ - "comment": "Domain verification record", - "name": "${domain}", - "proxied": True, - "settings": {}, - "tags": [], - "ttl": 1, # automatic - "content": my_ip6, - "type": "AAAA" - } - ) - - resp_subd = requests.patch( - 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}', - headers={ - 'Content-Type': 'application/json', - 'X-Auth-Email': '${account_id}', - 'X-Auth-Key': pw - }, - json={ - "comment": "Domain verification record", - "name": "*.${domain}", - "proxied": True, - "settings": {}, - "tags": [], - "ttl": 1, # automatic - "content": my_ip6, - "type": "AAAA" - } - ) - - resp_sshd = requests.patch( - 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh6}', - headers={ - 'Content-Type': 'application/json', - 'X-Auth-Email': '${account_id}', - 'X-Auth-Key': pw - }, - json={ - "comment": "Domain verification record", - "name": "ssh.${domain}", - "proxied": False, - "settings": {}, - "tags": [], - "ttl": 1, # automatic - "content": my_ip6, - "type": "AAAA" - } - ) - - if resp_base.status_code != 200: - print(resp_base.text) - - # now_str = datetime.now().strftime('%Y/%m/%d-%R') - # log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n" - # print(log_entry, end="") - # with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) - - if __name__ == "__main__": - main() - 
''; - in { - script = '' - set -eu - ${u}/bin/dyn_dns +if __name__ == "__main__": + main() + ''; in /* bash */ '' + set -e + ${dyn-dns}/bin/dyn_dns ''; serviceConfig = { Type = "oneshot"; @@ -221,19 +108,19 @@ let dns-user = "cloudflare"; in }; }; }; - networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' + # networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' # "172.1.2.1" = [ "staticweb.docker" ]; # "172.1.3.1" = [ "matrix.docker" ]; # "172.1.0.9" = [ "matrixdb.docker" ]; # "172.1.4.1" = [ "matrix-ss.docker" ]; # "172.1.0.7" = [ "matrix-ssdb.docker" ]; # "172.1.5.1" = [ "pw.docker" ]; - "172.1.6.1" = [ "git.docker" ]; + # "172.1.6.1" = [ "git.docker" ]; # "172.1.0.10" = [ "gitdb.docker" ]; # "172.1.7.1" = [ "nn.docker" ]; # "172.1.8.1" = [ "llm.docker" ]; # "172.1.9.1" = [ "proxy.docker" ]; # "172.1.10.1" = [ "share.docker" ]; # "172.1.11.1" = [ "odq.docker" ]; - }; + # }; }
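Review bot: Update failures are silently dropped in the new `update_record`/`main` path: the helper is annotated `-> None` although it returns the response, `main` checks only `r` (the apex record) and discards the wildcard and `ssh` results in `_`, and a non-200 is merely printed, so the oneshot unit still exits successfully. `get_public_ip` also forwards whatever curl printed as the record `content`, so an empty string or an error body from the third-party lookup goes to Cloudflare unvalidated, and `requests.patch` has no timeout. The sketch below validates the address, bounds both network calls and raises on a failed update; `main` would then need to handle the exception per address family so a host without IPv6 still gets its A records updated. Separately, `X-Auth-Key` is fed from a secret named `global-api-key`, which suggests account-wide access; a zone-scoped API token with DNS edit permission, sent as `Authorization: Bearer`, would limit what a leak of that file exposes.

```nix
import ipaddress

def get_public_ip(ipv6: bool = False) -> str:
    out = subprocess.run(
        ['${pkgs.curl}/bin/curl', '-sf', '--max-time', '10', '-6' if ipv6 else '-4', 'https://ifconfig.me'],
        capture_output=True, text=True,
    ).stdout.strip()
    ipaddress.ip_address(out)  # ValueError on empty output or a non-address body
    return out

def update_record(record_id: str, record_name: str, ip: str, type: str, proxied: bool, pw: str) -> requests.Response:
    resp = requests.patch(
        # … unchanged: URL, headers and JSON body …
        timeout=30,
    )
    resp.raise_for_status()  # surface every failed record update, not only the first
    return resp
```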