feat: ddns and caddy server

agenix-config-module.nix

@@ -1,4 +1,5 @@
 {
   age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age;
   age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age;
+  age.secrets.samsehu_DUCK_DNS_TOKEN.file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
 }

configuration.nix

@@ -141,6 +141,31 @@
     };
   };
 
+  # Dynamic DNS through duck dns
+  users.users.dynamicdns = {
+    # allocates the `uid` in the range 100-999, which indicates to software like login managers that it should not be displayed to the user.
+    isSystemUser = true;
+    group = "dynamicdns";
+  };
+  users.groups.dynamicdns = {};
+  systemd.services.dynamic-dns-updater = {
+    serviceConfig.User = "dynamicdns";
+    path = [ pkgs.curl ];
+    script = "curl -o ~/duck.log --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
+    startAt = "hourly";
+  };
+  systemd.timers.dynamic-dns-updater = {
+    timerConfig.RandomizedDelaySec = "15m";
+  };
+
+  # Reverse proxy with Caddy
+  services.caddy = {
+    enable = true;
+    virtualHosts."samsehu.perli.casa".extraConfig = ''
+      respond "Hello, world!"
+    '';
+  };
+
   # Enable automatic upgrades
   system.autoUpgrade.enable = true;
   system.autoUpgrade.allowReboot = true;
@@ -163,6 +188,10 @@
     # Blocky API
     4000
 
+    # Caddy HTTP and HTTPS
+    80
+    443
+
     # Forgejo web interface
     3000
 

secrets/secrets.nix

@@ -7,4 +7,5 @@ in
 {
   "samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ];
   "samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ];
+  "samsehu_DUCK_DNS_TOKEN.age".publicKeys = geemili ++ [ samsehu ];
 }