nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nx2site gitea and vaultwarden (working)

Browse Source
This commit is contained in:
Lennart J. Kurzweg (Nx2)
2024-11-20 01:24:57 +01:00
parent e95332cedb
commit f5af726382
10 changed files with 157 additions and 213 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
system-modules/nx2site.nix
View File

@@ -1,9 +1,23 @@
{ config, pkgs, domain, secrets, ... }:
{ config, pkgs, user, domain, secrets, ... }:
let dns-user = "cloudflare"; in
{
sops.secrets = {
"nx2site/namecheap.pw" = { };
# "nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { };
"nx2site/cloudflare/global-api-key" = { };
"nx2site/cloudflare/global-api-key" = {
owner = dns-user;
};
};
users = {
users = {
"${dns-user}" = {
isSystemUser = true;
group = dns-user;
};
"${user}".extraGroups = [ dns-user ];
};
groups."${dns-user}" = {};
};
systemd = {
@@ -19,22 +33,24 @@
u = let
account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = {
record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: <hidden>@gmail.com' --header "X-Auth-Key: <hiddenreadinsops>" -s | jq
base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1";
base6 = "d1b90e21d2d747dcb30448bd65312927";
sub = "fc861353142bc05d5dbad1799178e6a1";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
ssh = "c0f14f17f32d6595c202f041dd836eb3";
ssh6 = "f1ecb2d9d0522d4eec06437688ca76da";
};
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303" ];
} /* python */ ''
import requests
import subprocess
from datetime import datetime
# from datetime import datetime
def get_public_ip(ipv6=False):
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
@@ -43,13 +59,13 @@
my_ip = get_public_ip()
my_ip6 = get_public_ip(ipv6=True)
with open("${count-file-path}", "r") as f:
content = f.read()
if content == "": count = 0
else: count = int(content)
count += 1
with open("${count-file-path}", "w") as f:
f.write(str(count))
# with open("${count-file-path}", "r") as f:
# content = f.read()
# if content == "": count = 0
# else: count = int(content)
# count += 1
# with open("${count-file-path}", "w") as f:
# f.write(str(count))
# 4
with open("${passord-file-path}", 'r') as pw_file:
@@ -85,7 +101,7 @@
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"name": "*.${domain}",
"proxied": True,
"settings": {},
"tags": [],
@@ -95,15 +111,34 @@
}
)
resp_sshd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "ssh.${domain}",
"proxied": False,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file:
log_file.write(log_entry)
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file:
# log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
@@ -135,7 +170,7 @@
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"name": "*.${domain}",
"proxied": True,
"settings": {},
"tags": [],
@@ -145,14 +180,32 @@
}
)
resp_sshd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "ssh.${domain}",
"proxied": False,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
main()
@@ -164,7 +217,7 @@
'';
serviceConfig = {
Type = "oneshot";
User = "root";
User = dns-user;
};
};
};
@@ -174,7 +227,7 @@
# "172.1.0.9" = [ "matrixdb.docker" ];
# "172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ];
"172.1.5.1" = [ "pw.docker" ];
# "172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ];
# "172.1.7.1" = [ "nn.docker" ];