nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix and refactor dynamic-dns

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2025-02-22 13:43:35 +01:00
parent c15bf8c58e
commit 6b4a76dd4a
1 changed files with 66 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

197
system-modules/nx2site.nix
View File

@@ -29,8 +29,9 @@ let dns-user = "cloudflare"; in
Unit = "dynamic-dns.service"; Unit = "dynamic-dns.service";
}; };
}; };
services."dynamic-dns" = let services."dynamic-dns" = {
u = let script = let
dyn-dns = let
account_id = secrets.email.gmail-online.mail; account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0"; zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: <hidden>@gmail.com' --header "X-Auth-Key: <hiddenreadinsops>" -s | jq record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: <hidden>@gmail.com' --header "X-Auth-Key: <hiddenreadinsops>" -s | jq
@@ -42,178 +43,64 @@ let dns-user = "cloudflare"; in
ssh6 = "f1ecb2d9d0522d4eec06437688ca76da"; ssh6 = "f1ecb2d9d0522d4eec06437688ca76da";
}; };
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" { in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ]; libraries = with pkgs.python3Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303" ]; flakeIgnore = [ "E302" "E305" "E226" "E501" "E261" ];
} /* python */ '' } /* python */ ''
import requests import requests
import subprocess import subprocess
# from datetime import datetime
def get_public_ip(ipv6=False): def get_public_ip(ipv6: bool = False) -> str:
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def update_record(record_id: str, record_name: str, ip: str, type: str, proxied: bool, pw: str) -> None:
return requests.patch(
f'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/{record_id}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": record_name,
"proxied": proxied,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": ip,
"type": type
}
)
def main(): def main():
my_ip = get_public_ip() my_ip = get_public_ip()
my_ip6 = get_public_ip(ipv6=True) my_ip6 = get_public_ip(ipv6=True)
# with open("${count-file-path}", "r") as f:
# content = f.read()
# if content == "": count = 0
# else: count = int(content)
# count += 1
# with open("${count-file-path}", "w") as f:
# f.write(str(count))
# 4
with open("${passord-file-path}", 'r') as pw_file: with open("${passord-file-path}", 'r') as pw_file:
pw = pw_file.read().strip() pw = pw_file.read().strip()
# Perform DNS updates # Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch( r = update_record(record_id="${record_id.base}", record_name="${domain}", ip=my_ip, type="A", proxied=True, pw=pw)
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}', _ = update_record(record_id="${record_id.sub}", record_name="*.${domain}", ip=my_ip, type="A", proxied=True, pw=pw)
headers={ _ = update_record(record_id="${record_id.ssh}", record_name="ssh.${domain}", ip=my_ip, type="A", proxied=False, pw=pw)
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_subd = requests.patch( if r.status_code != 200:
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}', print(r.text)
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "*.${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_sshd = requests.patch( r = update_record(record_id="${record_id.base6}", record_name="${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw)
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh}', _ = update_record(record_id="${record_id.sub6}", record_name="*.${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw)
headers={ _ = update_record(record_id="${record_id.ssh6}", record_name="ssh.${domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw)
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "ssh.${domain}",
"proxied": False,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200: if r.status_code != 200:
print(resp_base.text) print(r.text)
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file:
# log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "*.${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_sshd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "ssh.${domain}",
"proxied": False,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__": if __name__ == "__main__":
main() main()
''; ''; in /* bash */ ''
in { set -e
script = '' ${dyn-dns}/bin/dyn_dns
set -eu
${u}/bin/dyn_dns
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@@ -221,19 +108,19 @@ let dns-user = "cloudflare"; in
}; };
}; };
}; };
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' # networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
# "172.1.2.1" = [ "staticweb.docker" ]; # "172.1.2.1" = [ "staticweb.docker" ];
# "172.1.3.1" = [ "matrix.docker" ]; # "172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ]; # "172.1.0.9" = [ "matrixdb.docker" ];
# "172.1.4.1" = [ "matrix-ss.docker" ]; # "172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ]; # "172.1.0.7" = [ "matrix-ssdb.docker" ];
# "172.1.5.1" = [ "pw.docker" ]; # "172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ]; # "172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ]; # "172.1.0.10" = [ "gitdb.docker" ];
# "172.1.7.1" = [ "nn.docker" ]; # "172.1.7.1" = [ "nn.docker" ];
# "172.1.8.1" = [ "llm.docker" ]; # "172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ]; # "172.1.9.1" = [ "proxy.docker" ];
# "172.1.10.1" = [ "share.docker" ]; # "172.1.10.1" = [ "share.docker" ];
# "172.1.11.1" = [ "odq.docker" ]; # "172.1.11.1" = [ "odq.docker" ];
}; # };
} }