nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
924f48b15ae44441aef413b753dd4742944c95ec
dotfiles/system-modules/nx2site.nix
Lennart J. Kurzweg (Nx2) 924f48b15a nx2site001
2024-11-08 13:48:02 +01:00

273 lines
10 KiB
Nix
Raw Blame History

{ config, pkgs, lib, user, host, secrets, ... }:
# lib.mkIf false
lib.mkIf (host == "NxACE" && user != "tv")
{
sops.secrets = {
"nx2site/namecheap.pw" = { };
# "nx2site/cloudflare/api-token-dns-edit" = { };
"nx2site/cloudflare/global-api-key" = { };
};
systemd = {
timers."dynamic-dns" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "2m";
OnUnitActiveSec = "10m";
Unit = "dynamic-dns.service";
};
};
# services."dynamic-dns" = let
# u = let
# domain = "nx2.site";
# passord-file-path = config.sops.secrets."nx2site/namecheap.pw".path;
# log-file-path = "/var/log/update_namecheap.log";
# count-file-path = "/var/log/update_namecheap-count.txt";
# in pkgs.writers.writePython3Bin "update_namecheap" {
# libraries = with pkgs.python311Packages; [ requests ];
# flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" ];
# } ''
# import requests
# import argparse
# import socket
# from datetime import datetime
# def get_public_ip(): return requests.get('https://ipinfo.io/ip').text.strip()
# def get_dns_ip(): return socket.gethostbyname_ex('${domain}')[2][0]
# def main(force_update):
# my_ip = get_public_ip()
# dns_ip = get_dns_ip()
# with open("${count-file-path}", "r") as f:
# content = f.read()
# if content == "": count = 0
# else: count = int(content)
# count += 1
# with open("${count-file-path}", "w") as f:
# f.write(str(count))
# if not (force_update or my_ip != dns_ip):
# print(f"Host IP and DNS response are both {my_ip} --> No Action")
# exit(0)
# else:
# with open("${passord-file-path}", 'r') as pw_file: pw = pw_file.read().strip()
# # Perform DNS updates
# resp_base = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=@&domain=${domain}&password={pw}&ip={my_ip}")
# resp_subd = requests.get(f"https://dynamicdns.park-your-domain.com/update?host=*&domain=${domain}&password={pw}&ip={my_ip}")
# # Reset the count file
# with open("${count-file-path}", 'w') as f: f.write('0')
# now_str = datetime.now().strftime('%Y/%m/%d-%R')
# log_entry = f"At {now_str} - from {dns_ip} to {my_ip} - {count} times - Response {resp_base.status_code}{' - (forced)' if force_update else ' '}\n"
# print(log_entry, end="")
# with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
# if __name__ == "__main__":
# parser = argparse.ArgumentParser()
# parser.add_argument('-f', '--force', action='store_true', help='Force update')
# args = parser.parse_args()
# main(args.force)
# '';
# in {
# script = ''
# set -eu
# ${u}/bin/update_namecheap
# '';
# serviceConfig = {
# Type = "oneshot";
# };
services."dynamic-dns" = let
u = let
domain = "nx2.site";
account_id = secrets.email.gmail-online.mail;
zone_id = "33fecab36e060f49d492127345ea95a0";
record_id = {
base = "58d3412e8d88889d1a611b3669f0700f";
sub = "fc861353142bc05d5dbad1799178e6a1";
base6 = "d1b90e21d2d747dcb30448bd65312927";
sub6 = "b8082b7afe9e80971fc9f9dda16ec284";
};
passord-file-path = config.sops.secrets."nx2site/cloudflare/global-api-key".path;
log-file-path = "/var/log/couldflare.log";
count-file-path = "/var/log/cloudflare-count.txt";
in pkgs.writers.writePython3Bin "dyn_dns" {
libraries = with pkgs.python311Packages; [ requests ];
flakeIgnore = [ "E501" "E305" "E701" "E704" "E302" "E114" "F841" "E121" "E261" "E303"];
} ''
import requests
import subprocess
from datetime import datetime
def get_public_ip(ipv6=False):
return subprocess.run(['${pkgs.curl}/bin/curl', '-s', '-6' if ipv6 else '-4', 'https://ifconfig.me'], capture_output=True, text=True).stdout.strip()
def main():
my_ip = get_public_ip()
my_ip6 = get_public_ip(ipv6=True)
with open("${count-file-path}", "r") as f:
content = f.read()
if content == "": count = 0
else: count = int(content)
count += 1
with open("${count-file-path}", "w") as f:
f.write(str(count))
# 4
with open("${passord-file-path}", 'r') as pw_file:
pw = pw_file.read().strip()
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip,
"type": "A"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file:
log_file.write(log_entry)
# Perform DNS updates
# https://developers.cloudflare.com/api/operations/dns-records-for-a-zone-update-dns-record
resp_base = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.base6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
resp_subd = requests.patch(
'https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records/${record_id.sub6}',
headers={
'Content-Type': 'application/json',
'X-Auth-Email': '${account_id}',
'X-Auth-Key': pw
},
json={
"comment": "Domain verification record",
"name": "${domain}",
"proxied": True,
"settings": {},
"tags": [],
"ttl": 1, # automatic
"content": my_ip6,
"type": "AAAA"
}
)
if resp_base.status_code != 200:
print(resp_base.text)
now_str = datetime.now().strftime('%Y/%m/%d-%R')
log_entry = f"At {now_str} - to {my_ip6} - Response {resp_base.status_code}\n"
print(log_entry, end="")
with open("${log-file-path}", 'a') as log_file: log_file.write(log_entry)
if __name__ == "__main__":
main()
'';
in {
script = ''
set -eu
${u}/bin/dyn_dns
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
};
# I can't use this becasue API Access for Namecheap needs a static whitelisted IP, which I don't have
# security.acme = {
# acceptTerms = true;
# certs."nx2site" = { };
# };
environment.systemPackages = with pkgs; [
certbot
(writeShellApplication {
name = "refresh_ssl_certificate";
runtimeInputs = [ certbot ];
# https://forum.endeavouros.com/t/tutorial-add-a-systemd-boot-loader-menu-entry-for-a-windows-installation-using-a-separate-esp-partition/37431
text = let
webroot = /home/nx2/nx2site/staticweb/content;
in /*bash*/ ''
cartbot
ls ${webroot}
'';
})
];
networking.hosts = { # docker network inspect nx2site_default | grep -E "Name|IPv4" | tr "\n" " " | sed -r 's- +- -g;s-\n?"Name": -\n-g' | sed -r '1d;2d;s-"(.+?)", "IPv4Address": "(.+)/16",- "\2" = [ "\1.docker" ];-g'
"172.1.2.1" = [ "staticweb.docker" ];
"172.1.3.1" = [ "matrix.docker" ];
# "172.1.0.9" = [ "matrixdb.docker" ];
"172.1.4.1" = [ "matrix-ss.docker" ];
# "172.1.0.7" = [ "matrix-ssdb.docker" ];
"172.1.5.1" = [ "pw.docker" ];
"172.1.6.1" = [ "git.docker" ];
# "172.1.0.10" = [ "gitdb.docker" ];
"172.1.7.1" = [ "nn.docker" ];
"172.1.8.1" = [ "llm.docker" ];
# "172.1.9.1" = [ "proxy.docker" ];
"172.1.10.1" = [ "share.docker" ];
"172.1.11.1" = [ "odq.docker" ];
};
}
Reference in New Issue View Git Blame Copy Permalink