{ config, pkgs, lib, user, host, secrets, ... }: # lib.mkIf false lib.mkIf (host == "NxACE" && user != "tv") { sops.secrets = { "nx2site/namecheap.pw" = { }; # "nx2site/cloudflare/api-token-dns-edit" = { }; "nx2site/cloudflare/global-api-key" = { }; }; systemd = { timers."dynamic-dns" = { wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "2m"; OnUnitActiveSec = "10m"; Unit = "dynamic-dns.service"; }; }; # services."dynamic-dns" = let # u = let # domain = "nx2.site"; # passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path; # log-file-path = "/var/log/update_namecheap.log"; # count-file-path = "/var/log/update_namecheap-count.txt"; # in pkgs.writers.writePython3Bin "update_namecheap" { # libraries = with pkgs.python311Packages; [ requests ]; # flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ]; # } '' # import requests # import argparse # import socket # from datetime import datetime # def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip() # def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0] # def main(force_update): # my_ip = get_public_ip() # dns_ip = get_dns_ip() # with open("${count-file-path}", "r") as f: # content = f.read() # if content == "": count = 0 # else: count = int(content) # count += 1 # with open("${count-file-path}", "w") as f: # f.write(str(count)) # if not (force_update or my_ip != dns_ip): # print(f"Host IP and DNS response are both {my_ip} --> No Action") # exit(0) # else: # with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip() # # Perform DNS updates # resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}") # resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}") # # Reset the count file # with open("${count-file-path}", 'w') as f: f.write('0') # now_str = datetime.now().strftime('%Y/%m/%d-%R') # log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n" # print(log_entry, end="") # with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) # if __name__ == "__main__": # parser = argparse.ArgumentParser() # parser.add_argument('-f', '--force', action='store_true', help='Force update') # args = parser.parse_args() # main(args.force) # ''; # in { # script = '' # set -eu # ${u}/bin/update_namecheap # ''; # serviceConfig = { # Type = "oneshot"; # }; services."dynamic-dns" = let u = let domain = "nx2.site"; account_id = secrets.email.gmail-online.mail; zone_id = "33fecab36e060f49d492127345ea95a0"; record_id = { base = "58d3412e8d88889d1a611b3669f0700f"; sub = "fc861353142bc05d5dbad1799178e6a1"; base6 = "d1b90e21d2d747dcb30448bd65312927"; sub6 = "b8082b7afe9e80971fc9f9dda16ec284"; }; passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path; log-file-path = "/var/log/couldflare.log"; count-file-path = "/var/log/cloudflare-count.txt"; in pkgs.writers.writePython3Bin "dyn_dns" { libraries = with pkgs.python311Packages; [ requests ]; flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"]; } '' import requests import subprocess from datetime import datetime def get_public_ip(ipv6=False): return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip() def main(): my_ip = get_public_ip() my_ip6 = get_public_ip(ipv6=True) with open("${count-file-path}", "r") as f: content = f.read() if content == "": count = 0 else: count = int(content) count += 1 with open("${count-file-path}", "w") as f: f.write(str(count)) # 4 with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip() # Perform DNS updates # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record resp_base = requests.patch( 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}', headers={ 'Content-Type': 'application/json', 'X-Auth-Email': '${account_id}', 'X-Auth-Key': pw }, json={ "comment": "Domain verification record", "name": "${domain}", "proxied": True, "settings": {}, "tags": [], "ttl": 1, # automatic "content": my_ip, "type": "A" } ) resp_subd = requests.patch( 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}', headers={ 'Content-Type': 'application/json', 'X-Auth-Email': '${account_id}', 'X-Auth-Key': pw }, json={ "comment": "Domain verification record", "name": "${domain}", "proxied": True, "settings": {}, "tags": [], "ttl": 1, # automatic "content": my_ip, "type": "A" } ) if resp_base.status_code != 200: print(resp_base.text) now_str = datetime.now().strftime('%Y/%m/%d-%R') log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n" print(log_entry, end="") with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) # Perform DNS updates # https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record resp_base = requests.patch( 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}', headers={ 'Content-Type': 'application/json', 'X-Auth-Email': '${account_id}', 'X-Auth-Key': pw }, json={ "comment": "Domain verification record", "name": "${domain}", "proxied": True, "settings": {}, "tags": [], "ttl": 1, # automatic "content": my_ip6, "type": "AAAA" } ) resp_subd = requests.patch( 'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}', headers={ 'Content-Type': 'application/json', 'X-Auth-Email': '${account_id}', 'X-Auth-Key': pw }, json={ "comment": "Domain verification record", "name": "${domain}", "proxied": True, "settings": {}, "tags": [], "ttl": 1, # automatic "content": my_ip6, "type": "AAAA" } ) if resp_base.status_code != 200: print(resp_base.text) now_str = datetime.now().strftime('%Y/%m/%d-%R') log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n" print(log_entry, end="") with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry) if __name__ == "__main__": main() ''; in { script = '' set -eu ${u}/bin/dyn_dns ''; serviceConfig = { Type = "oneshot"; User = "root"; }; }; }; # I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have # security.acme = { # acceptTerms = true; # certs."nx2site" = { }; # }; environment.systemPackages = with pkgs; [ certbot (writeShellApplication { name = "refresh_ssl_certificate"; runtimeInputs = [ certbot ]; # https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431 text = let webroot = /home/nx2/nx2site/staticweb/content; in /*bash*/ '' cartbot ls ${webroot} ''; }) ]; networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g' "172.1.2.1" = [ "staticweb.docker" ]; "172.1.3.1" = [ "matrix.docker" ]; # "172.1.0.9" = [ "matrixdb.docker" ]; "172.1.4.1" = [ "matrix-ss.docker" ]; # "172.1.0.7" = [ "matrix-ssdb.docker" ]; "172.1.5.1" = [ "pw.docker" ]; "172.1.6.1" = [ "git.docker" ]; # "172.1.0.10" = [ "gitdb.docker" ]; "172.1.7.1" = [ "nn.docker" ]; "172.1.8.1" = [ "llm.docker" ]; # "172.1.9.1" = [ "proxy.docker" ]; "172.1.10.1" = [ "share.docker" ]; "172.1.11.1" = [ "odq.docker" ]; }; }