From 7073225e85f9c5aa7b58b34b019e9933db1c722b Mon Sep 17 00:00:00 2001
From: geemili <opensource@geemili.xyz>
Date: Sat, 30 Dec 2023 12:00:30 -0700
Subject: [PATCH] feat: ddns and caddy server

---
 agenix-config-module.nix           |   1 +
 configuration.nix                  |  29 +++++++++++++++++++++++++++++
 secrets/samsehu_DUCK_DNS_TOKEN.age | Bin 0 -> 359 bytes
 secrets/secrets.nix                |   1 +
 4 files changed, 31 insertions(+)
 create mode 100644 secrets/samsehu_DUCK_DNS_TOKEN.age

diff --git a/agenix-config-module.nix b/agenix-config-module.nix
index 4c5251b..0305993 100644
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@@ -1,4 +1,5 @@
 {
   age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age;
   age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age;
+  age.secrets.samsehu_DUCK_DNS_TOKEN.file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
 }
diff --git a/configuration.nix b/configuration.nix
index 34f8893..2c412dd 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -141,6 +141,31 @@
     };
   };
 
+  # Dynamic DNS through duck dns
+  users.users.dynamicdns = {
+    # allocates the `uid` in the range 100-999, which indicates to software like login managers that it should not be displayed to the user.
+    isSystemUser = true;
+    group = "dynamicdns";
+  };
+  users.groups.dynamicdns = {};
+  systemd.services.dynamic-dns-updater = {
+    serviceConfig.User = "dynamicdns";
+    path = [ pkgs.curl ];
+    script = "curl -o ~/duck.log --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
+    startAt = "hourly";
+  };
+  systemd.timers.dynamic-dns-updater = {
+    timerConfig.RandomizedDelaySec = "15m";
+  };
+
+  # Reverse proxy with Caddy
+  services.caddy = {
+    enable = true;
+    virtualHosts."samsehu.perli.casa".extraConfig = ''
+      respond "Hello, world!"
+    '';
+  };
+
   # Enable automatic upgrades
   system.autoUpgrade.enable = true;
   system.autoUpgrade.allowReboot = true;
@@ -163,6 +188,10 @@
     # Blocky API
     4000
 
+    # Caddy HTTP and HTTPS
+    80
+    443
+
     # Forgejo web interface
     3000
 
diff --git a/secrets/samsehu_DUCK_DNS_TOKEN.age b/secrets/samsehu_DUCK_DNS_TOKEN.age
new file mode 100644
index 0000000000000000000000000000000000000000..5a944feb0264f938f34edf0e9b1e9bc4de9bf351
GIT binary patch
literal 359
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTyjPP?wDp&9~DstCO
zaZWTT4$X;3^)|4m%#R2t4)O|d@i6tQ)c1C>DAYHrO!iMM59Bfl_V6svG_-Ut%s0}`
zstSwBbTtn4aZJySG$?Z`FgGj6voLcmPRZ3zHbA${DI`L>!cie9EWp&uEHTm1D=H(=
zFWf0Rs?x$M!XTueNI%iQ+cdbuB_z?u(J9Bz-Iq(dB+Jsv*~lr%*|Id-w6wIc)XB-u
zSU)r*wJO~^y*S9-r!+LUw5Y((&w@)=S69JDKi@JrFVeIqKQ%bNJR_vUG0)K@GQhjs
z!r3@8+tVbVAiONs&oAHA)Pk$nO(84)*v-GzyDzZl-wW5bo3utIY)41Jj^ioZHz(NS
r92Dj{c&b@7>vasn+Ky(?d9k~;J<h926}3+J`B3Xb=GU%@Imtx;FoS&$

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 9721d2a..161c0ea 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -7,4 +7,5 @@ in
 {
   "samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ];
   "samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ];
+  "samsehu_DUCK_DNS_TOKEN.age".publicKeys = geemili ++ [ samsehu ];
 }