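# Dynamic-DNS updater for this host.
#
# A systemd timer runs a oneshot service every ten minutes; the service looks up
# the host's public IPv4 and IPv6 addresses and PATCHes the Cloudflare A/AAAA
# records for `domain`, `*.domain` and `ssh.domain` so they keep pointing here.
{ config, pkgs, user, domain, secrets, ... }:
let
  # Dedicated unprivileged account the updater runs as. It is the owner of the
  # API credential, so nothing else on the host needs to read that file.
  dns-user = "cloudflare";
in
{
  sops.secrets = {
    # "nx2site/namecheap.pw" = { };
    # "nx2site/cloudflare/api-token-dns-edit" = { };
    # NOTE(review): the Global API Key is an account-wide credential, not a
    # DNS-only one. The commented scoped token above would confine a leak of
    # this file to DNS edits (it is sent as "Authorization: Bearer" instead of
    # X-Auth-Email/X-Auth-Key) — worth switching once that secret is provisioned.
    "nx2site/cloudflare/global-api-key" = { owner = dns-user; };
  };

  users = {
    users = {
      "${dns-user}" = {
        isSystemUser = true;
        group = dns-user;
      };
      # NOTE(review): sops-nix presumably installs the secret with its default
      # 0400 mode, in which case this group membership does not let `user` read
      # the key; confirm what the membership is meant to grant.
      "${user}".extraGroups = [ dns-user ];
    };
    groups."${dns-user}" = { };
  };

  systemd = {
    timers."dynamic-dns" = {
      wantedBy = [ "timers.target" ];
      timerConfig = {
        OnBootSec = "2m";
        OnUnitActiveSec = "10m";
        Unit = "dynamic-dns.service";
      };
    };

    services."dynamic-dns" =
      let
        # The updater itself: a Python program built (and flake8-checked) by Nix.
        # Nix interpolations below bake the zone, record ids, account e-mail and
        # the credential path into the script; the key itself is read at runtime.
        u =
          let
            account_id = secrets.email.gmail-online.mail;
            zone_id = "33fecab36e060f49d492127345ea95a0";
            # Record ids were looked up once with (e-mail and key redacted):
            # curl --request GET --url https://api.cloudflare.com/client/v4/zones/33fecab36e060f49d492127345ea95a0/dns_records --header 'Content-Type: application/json' --header 'X-Auth-Email: @gmail.com' --header "X-Auth-Key: " -s | jq
            record_id = {
              base = "58d3412e8d88889d1a611b3669f0700f";
              base6 = "d1b90e21d2d747dcb30448bd65312927";
              sub = "fc861353142bc05d5dbad1799178e6a1";
              sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
              ssh = "c0f14f17f32d6595c202f041dd836eb3";
              ssh6 = "f1ecb2d9d0522d4eec06437688ca76da";
            };
            # Path of the decrypted key; owned by dns-user (see sops.secrets above).
            password-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
          in
          pkgs.writers.writePython3Bin "dyn_dns" {
            libraries = with pkgs.python311Packages; [ requests ];
            flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303" ];
          } /* python */ ''
            import ipaddress
            import subprocess
            import sys

            import requests

            # Every record lives in the same zone; only the record id varies per request.
            API_BASE = 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records'
            # Upper bound (seconds) on one PATCH. Without it a stalled connection would hang the oneshot unit indefinitely.
            REQUEST_TIMEOUT = 30

            # (record id, record name, proxied through Cloudflare, record type) for every record this host keeps current.
            RECORDS = [
                ('${record_id.base}', '${domain}', True, 'A'),
                ('${record_id.sub}', '*.${domain}', True, 'A'),
                ('${record_id.ssh}', 'ssh.${domain}', False, 'A'),  # unproxied: this name resolves straight to the host
                ('${record_id.base6}', '${domain}', True, 'AAAA'),
                ('${record_id.sub6}', '*.${domain}', True, 'AAAA'),
                ('${record_id.ssh6}', 'ssh.${domain}', False, 'AAAA'),
            ]


            def get_public_ip(ipv6=False):
                """Return this host's public address as reported by ifconfig.me, or None.

                Runs curl with -4 or -6 and checks that the reply parses as an
                address of the requested family. Returning None on a failed or
                garbled lookup lets the caller leave the record alone instead of
                writing an empty or bogus value into DNS.
                """
                result = subprocess.run(
                    ['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'],
                    capture_output=True,
                    text=True,
                )
                candidate = result.stdout.strip()
                if result.returncode != 0 or not candidate:
                    return None
                try:
                    address = ipaddress.ip_address(candidate)
                except ValueError:
                    return None
                if address.version != (6 if ipv6 else 4):
                    return None
                return candidate


            def update_record(record_id, name, proxied, rtype, content, pw):
                """PATCH one DNS record and return True when Cloudflare answered 200.

                API reference:
                https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
                On any other status the response body (Cloudflare's error list,
                which does not echo the credential) is printed for the journal.
                """
                resp = requests.patch(
                    f'{API_BASE}/{record_id}',
                    headers={
                        'Content-Type': 'application/json',
                        'X-Auth-Email': '${account_id}',
                        'X-Auth-Key': pw,
                    },
                    json={
                        "comment": "Domain verification record",
                        "name": name,
                        "proxied": proxied,
                        "settings": {},
                        "tags": [],
                        "ttl": 1,  # 1 = automatic
                        "content": content,
                        "type": rtype,
                    },
                    timeout=REQUEST_TIMEOUT,
                )
                if resp.status_code != 200:
                    print(f'{rtype} {name} ({record_id}): HTTP {resp.status_code} {resp.text}')
                    return False
                return True


            def main():
                """Refresh every record in RECORDS; exit 1 if any update was rejected."""
                # One lookup per address family, shared by all records of that type.
                addresses = {'A': get_public_ip(), 'AAAA': get_public_ip(ipv6=True)}
                with open("${password-file-path}", 'r') as pw_file:
                    pw = pw_file.read().strip()

                failures = 0
                for record_id, name, proxied, rtype in RECORDS:
                    content = addresses[rtype]
                    if content is None:
                        # No address of this family (e.g. no IPv6 uplink): keep the existing record rather than blank it.
                        print(f'{rtype} {name}: no public address found, record left unchanged')
                        continue
                    if not update_record(record_id, name, proxied, rtype, content, pw):
                        failures += 1
                # A non-zero exit makes the systemd unit report the rejected updates instead of a silent success.
                if failures:
                    sys.exit(1)


            if __name__ == "__main__":
                main()
          '';
      in
      {
        script = ''
          set -eu
          ${u}/bin/dyn_dns
        '';
        serviceConfig = {
          Type = "oneshot";
          User = dns-user;
        };
      };
  };

  networking.hosts = {
    # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
    # "172.1.2.1" = [ "staticweb.docker" ];
    # "172.1.3.1" = [ "matrix.docker" ];
    # "172.1.0.9" = [ "matrixdb.docker" ];
    # "172.1.4.1" = [ "matrix-ss.docker" ];
    # "172.1.0.7" = [ "matrix-ssdb.docker" ];
    # "172.1.5.1" = [ "pw.docker" ];
    "172.1.6.1" = [ "git.docker" ];
    # "172.1.0.10" = [ "gitdb.docker" ];
    # "172.1.7.1" = [ "nn.docker" ];
    # "172.1.8.1" = [ "llm.docker" ];
    # "172.1.9.1" = [ "proxy.docker" ];
    # "172.1.10.1" = [ "share.docker" ];
    # "172.1.11.1" = [ "odq.docker" ];
  };
}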