nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nx2:60a839663a6ab753e1fb1f4eca0eba4027be7a32
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north
...
compare: nx2:6b4a76dd4a2c9433624493668fe59ae012be3f84
Branches Tags
nx2:master nx2:nod nx2:gitea nx2:north

2 Commits
60a839663a ... 6b4a76dd4a

Author SHA1 Message Date
Lennart J. Kurzweg (Nx2)
6b4a76dd4a fix and refactor dynamic-dns 2025-02-22 13:43:35 +01:00
Lennart J. Kurzweg (Nx2)
c15bf8c58e little formatting 2025-02-22 13:43:16 +01:00
2 changed files with 71 additions and 184 deletions
Expand all files Collapse all files

10
system-modules/calendar-dicos.nix
View File

@@ -13,11 +13,11 @@
systemd.services."nx_cal_dicos" = { systemd.services."nx_cal_dicos" = {
script = let script = let
nx_cal_dicos = (pkgs.writers.writePython3Bin "nx_cal_dicos" { nx_cal_dicos = (pkgs.writers.writePython3Bin "nx_cal_dicos" {
libraries = with pkgs.python3Packages; [ libraries = with pkgs.python3Packages; [
ics ics
]; ];
flakeIgnore = [ "E302" "E305" "E226" "E501" ]; flakeIgnore = [ "E302" "E305" "E226" "E501" ];
} /*python */ '' } /* python */ ''
import os import os
from glob import glob from glob import glob
from ics import Calendar from ics import Calendar

245
system-modules/nx2site.nix
View File

@@ -29,191 +29,78 @@ let dns-user = "cloudflare"; in
Unit = "dynamic-dns.service"; Unit = "dynamic-dns.service";
}; };
}; };
services."dynamic-dns" = let services."dynamic-dns" = {
u = let script = let
account_id = secrets.email.gmail-online.mail; dyn-dns = let
zone_id = "33fecab36e060f49d492127345ea95a0"; account_id = secrets.email.gmail-online.mail;
record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: <hidden>@gmail.com' --header "X-Auth-Key: <hiddenreadinsops>" -s | jq zone_id = "33fecab36e060f49d492127345ea95a0";
base = "58d3412e8d88889d1a611b3669f0700f"; record_id = { # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: <hidden>@gmail.com' --header "X-Auth-Key: <hiddenreadinsops>" -s | jq
base6 = "d1b90e21d2d747dcb30448bd65312927"; base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1"; base6 = "d1b90e21d2d747dcb30448bd65312927";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284"; sub = "fc861353142bc05d5dbad1799178e6a1";
ssh = "c0f14f17f32d6595c202f041dd836eb3"; sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
ssh6 = "f1ecb2d9d0522d4eec06437688ca76da"; ssh = "c0f14f17f32d6595c202f041dd836eb3";
}; ssh6 = "f1ecb2d9d0522d4eec06437688ca76da";
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; };
log-file-path = "/var/log/couldflare.log"; passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
count-file-path = "/var/log/cloudflare-count.txt"; in pkgs.writers.writePython3Bin "dyn_dns" {
in pkgs.writers.writePython3Bin "dyn_dns" { libraries = with pkgs.python3Packages; [ requests ];
libraries = with pkgs.python311Packages; [ requests ]; flakeIgnore = [ "E302" "E305" "E226" "E501" "E261" ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303" ]; } /* python */ ''
} /* python */ '' import requests
import requests import subprocess
import subprocess
# from datetime import datetime
def get_public_ip(ipv6=False): def get_public_ip(ipv6: bool = False) -> str:
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def main(): def update_record(record_id: str, record_name: str, ip: str, type: str, proxied: bool, pw: str) -> None:
my_ip = get_public_ip() return requests.patch(
my_ip6 = get_public_ip(ipv6=True) f'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/{record_id}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": record_name,
"proxied": proxied,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": ip,
"type": type
}
)
# with open("${count-file-path}", "r") as f: def main():
# content = f.read() my_ip = get_public_ip()
# if content == "": count = 0 my_ip6 = get_public_ip(ipv6=True)
# else: count = int(content)
# count += 1
# with open("${count-file-path}", "w") as f:
# f.write(str(count))
# 4 with open("${passord-file-path}", 'r') as pw_file:
with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
pw = pw_file.read().strip()
# Perform DNS updates # Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch( r = update_record(record_id="${record_id.base}", record_name="${domain}", ip=my_ip, type="A", proxied=True, pw=pw)
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}', _ = update_record(record_id="${record_id.sub}", record_name="*.${domain}", ip=my_ip, type="A", proxied=True, pw=pw)
headers={ _ = update_record(record_id="${record_id.ssh}", record_name="ssh.${domain}", ip=my_ip, type="A", proxied=False, pw=pw)
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_subd = requests.patch( if r.status_code != 200:
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}', print(r.text)
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "*.${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_sshd = requests.patch( r = update_record(record_id="${record_id.base6}", record_name="${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw)
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh}', _ = update_record(record_id="${record_id.sub6}", record_name="*.${domain}", ip=my_ip6, type="AAAA", proxied=True, pw=pw)
headers={ _ = update_record(record_id="${record_id.ssh6}", record_name="ssh.${domain}", ip=my_ip6, type="AAAA", proxied=False, pw=pw)
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "ssh.${domain}",
"proxied": False,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200: if r.status_code != 200:
print(resp_base.text) print(r.text)
if __name__ == "__main__":
# now_str = datetime.now().strftime('%Y/%m/%d-%R') main()
# log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n" ''; in /* bash */ ''
# print(log_entry, end="") set -e
# with open("${log-file-path}", 'a') as log_file: ${dyn-dns}/bin/dyn_dns
# log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "*.${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_sshd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.ssh6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "ssh.${domain}",
"proxied": False,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
main()
'';
in {
script = ''
set -eu
${u}/bin/dyn_dns
''; '';
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@@ -221,19 +108,19 @@ let dns-user = "cloudflare"; in
}; };
}; };
}; };
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' # networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
# "172.1.2.1" = [ "staticweb.docker" ]; # "172.1.2.1" = [ "staticweb.docker" ];
# "172.1.3.1" = [ "matrix.docker" ]; # "172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ]; # "172.1.0.9" = [ "matrixdb.docker" ];
# "172.1.4.1" = [ "matrix-ss.docker" ]; # "172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ]; # "172.1.0.7" = [ "matrix-ssdb.docker" ];
# "172.1.5.1" = [ "pw.docker" ]; # "172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ]; # "172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ]; # "172.1.0.10" = [ "gitdb.docker" ];
# "172.1.7.1" = [ "nn.docker" ]; # "172.1.7.1" = [ "nn.docker" ];
# "172.1.8.1" = [ "llm.docker" ]; # "172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ]; # "172.1.9.1" = [ "proxy.docker" ];
# "172.1.10.1" = [ "share.docker" ]; # "172.1.10.1" = [ "share.docker" ];
# "172.1.11.1" = [ "odq.docker" ]; # "172.1.11.1" = [ "odq.docker" ];
}; # };
} }