feat: ddns and caddy server

feat: add `geemili` user as a trusted nix user
This allows me to push configuration updates to the samsehu host
2023-12-30 12:00:30 -07:00 · 2023-12-29 22:10:30 -07:00 · 2023-12-29 22:10:20 -07:00
4 changed files with 36 additions and 3 deletions
--- a/agenix-config-module.nix
+++ b/agenix-config-module.nix
@ -1,4 +1,5 @@
 {
  age.secrets.samsehu_NFSN_API_KEY.file = ./secrets/samsehu_NFSN_API_KEY.age;
  age.secrets.samsehu_NFSN_LOGIN.file = ./secrets/samsehu_NFSN_LOGIN.age;
+  age.secrets.samsehu_DUCK_DNS_TOKEN.file = ./secrets/samsehu_DUCK_DNS_TOKEN.age;
 }
--- a/configuration.nix
+++ b/configuration.nix
@ -7,7 +7,7 @@
 {
  imports =
    [ # Include the results of the hardware scan.
-      ./hardware-configuration.nix
+      ./hardware/samsehu.nix
    ];

  # Use the `systemd-boot` boot loader
@ -135,12 +135,37 @@
      domain = "samsehu.perli.casa";
      dnsProvider = "nearlyfreespeech";
      credentialFiles = {
-        "NEARLYFREESPECH_API_KEY" = config.age.secrets.samsehu_NFSN_API_KEY.path;
-        "NEARLYFREESPECH_LOGIN" = config.age.secrets.samsehu_NFSN_LOGIN.path;
+        "NEARLYFREESPEECH_API_KEY_FILE" = config.age.secrets.samsehu_NFSN_API_KEY.path;
+        "NEARLYFREESPEECH_LOGIN_FILE" = config.age.secrets.samsehu_NFSN_LOGIN.path;
      };
    };
  };

+  # Dynamic DNS through duck dns
+  users.users.dynamicdns = {
+    # allocates the `uid` in the range 100-999, which indicates to software like login managers that it should not be displayed to the user.
+    isSystemUser = true;
+    group = "dynamicdns";
+  };
+  users.groups.dynamicdns = {};
+  systemd.services.dynamic-dns-updater = {
+    serviceConfig.User = "dynamicdns";
+    path = [ pkgs.curl ];
+    script = "curl -o ~/duck.log --url-query domains=samsehuperli --url-query token@${config.age.secrets.samsehu_DUCK_DNS_TOKEN.path} https://www.duckdns.org/update";
+    startAt = "hourly";
+  };
+  systemd.timers.dynamic-dns-updater = {
+    timerConfig.RandomizedDelaySec = "15m";
+  };
+
+  # Reverse proxy with Caddy
+  services.caddy = {
+    enable = true;
+    virtualHosts."samsehu.perli.casa".extraConfig = ''
+      respond "Hello, world!"
+    '';
+  };
+
  # Enable automatic upgrades
  system.autoUpgrade.enable = true;
  system.autoUpgrade.allowReboot = true;
@ -152,6 +177,8 @@
    options = "--delete-older-than 30d";
  };

+  nix.settings.trusted-users = [ "geemili" ];
+
  # Open ports in the firewall.
  networking.firewall.enable = true;
  networking.firewall.allowedTCPPorts = [
@ -161,6 +188,10 @@
    # Blocky API
    4000

+    # Caddy HTTP and HTTPS
+    80
+    443
+
    # Forgejo web interface
    3000

--- a/secrets/samsehu_DUCK_DNS_TOKEN.age
+++ b/secrets/samsehu_DUCK_DNS_TOKEN.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -7,4 +7,5 @@ in
 {
  "samsehu_NFSN_API_KEY.age".publicKeys = geemili ++ [ samsehu ];
  "samsehu_NFSN_LOGIN.age".publicKeys = geemili ++ [ samsehu ];
+  "samsehu_DUCK_DNS_TOKEN.age".publicKeys = geemili ++ [ samsehu ];
 }
Author	SHA1	Message	Date
LeRoyce Pearson	7073225e85	feat: ddns and caddy server	2023-12-30 12:00:30 -07:00
LeRoyce Pearson	da55c99dc9	feat: add `geemili` user as a trusted nix user This allows me to push configuration updates to the samsehu host	2023-12-29 22:10:30 -07:00
LeRoyce Pearson	7162630e2f	fix: some typos	2023-12-29 22:10:20 -07:00