diff --git a/machines/deedee/configuration.nix b/machines/deedee/configuration.nix
index 36fab6b..5d0ed22 100644
--- a/machines/deedee/configuration.nix
+++ b/machines/deedee/configuration.nix
@@ -145,6 +145,8 @@ rec {
 adminPasswordSopsSecret = "credentials/services/admin";
 };
+ ddclient.enable = true;
+
 docker = {
 enable = true;
 rootless = false;
diff --git a/machines/deedee/secrets.sops.yaml b/machines/deedee/secrets.sops.yaml
index 53f1019..2839b79 100644
--- a/machines/deedee/secrets.sops.yaml
+++ b/machines/deedee/secrets.sops.yaml
@@ -39,6 +39,8 @@ system:
 bazarr:
 env:
 BAZARR__API_KEY: ENC[AES256_GCM,data:VX8vZcRO9Lrp+aLMz0bxYsXdlvbxwlwWwj8nY89UZgU=,iv:sVokTihff9vZv3LmDx8vDrZNClud3TUYwH2jZmuuKQg=,tag:K7TbxLgUOGd2s8XvG91VaQ==,type:str]
+ ddclient:
+ cloudflare_token: ENC[AES256_GCM,data:edAKKffA/uyxHfVCE5pnk8KFcuzAbWZaqvHMgfykZPmrlezxJFFZBw==,iv:RgwmTIu3szeB58O4fzEmIR3BGY2CbaAGFTdVewTDJtU=,tag:SA1aqxUv5B1Jv7rmblqrEw==,type:str]
 firefly-iii:
 env:
 APP_KEY: ENC[AES256_GCM,data:ks/31NYsRRo9SrEbRfeQhUxn9pRfvXYExhUY9y84TXA=,iv:vn8R/bJU2PFbQjOsKNRerj3uNAynjwInalWGCYjGVI0=,tag:ME3XtRW7EkpgiY/banycsQ==,type:str]
@@ -174,8 +176,8 @@ sops:
 c3FoaFNzbjJubzlBckdDb2lNOUZtOGMKRbHxa1B3QAdredBMTd7W7g3kRz6l8uyV
 bBclsA8Gm7p+6ndV39sN+Daqm5MyggY1Prwv/Ukdd5Q+1C+XsEW6OQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-11-04T13:30:18Z"
- mac: ENC[AES256_GCM,data:MoZ3elL/tNYubWYOS4ea0OIeaYRupEAx+mrWqQvovaALgS8uK+wkvEWiMwfiry7o1kdp7bzIdezGkHgdwMTY6qODl5cprNTHdt0OxErud/PDbh71d+QuMl0yMIyb0ZezR4mGxKroBLLnWoS0dqcFRfu84gnJv9sUGd3B2JIpWB0=,iv:fslyVgfauGaBtNuABmyj9+Dgi69Q/ldrY8Oh2INXcAs=,tag:zRWs7yhmmg99YnekqoAPDA==,type:str]
+ lastmodified: "2024-11-04T17:42:00Z"
+ mac: ENC[AES256_GCM,data:plrn/rOgJCqRB+TGr7VkZ6uMtDJTF//ror1uCpQuy7/t6zEhYdqyN1UgIg4ck49EgWJy501QpZ70hPP/RBRWVb6VfqKcugnzz4QBUqpbakAVK1hCRT8Psh3WyZ+HHc2L/WatGgJwq59HrfAbtFS1G1U2ztq4jrgM7+9E9U7K9ho=,iv:TfEp0b8W19v5Uvq/0xLvWuReKD7K3P/VKiJZ/QeYxOU=,tag:H/McFxlGS6rlfvIi00jSow==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.8.1
diff --git a/modules/system/apps/adguardhome/default.nix b/modules/system/apps/adguardhome/default.nix
index 6234d6f..f1d029c 100644
--- a/modules/system/apps/adguardhome/default.nix
+++ b/modules/system/apps/adguardhome/default.nix
@@ -224,6 +224,8 @@ in
 useAuthelia = config.mySystemApps.authelia.enable;
 };
+ networking.firewall.allowedUDPPorts = [ 53 ];
+
 mySystemApps.homepage = {
 services.Apps.AdGuardHome = svc.mkHomepage "adguard" // {
 icon = "adguard-home.svg";
diff --git a/modules/system/apps/ddclient/default.nix b/modules/system/apps/ddclient/default.nix
new file mode 100644
index 0000000..d90ef30
--- /dev/null
+++ b/modules/system/apps/ddclient/default.nix
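Review bot: In modules/system/apps/adguardhome/default.nix, `networking.firewall.allowedUDPPorts = [ 53 ];` opens DNS on every interface, while the same commit starts publishing this host's address as `homelab.<rootDomain>` through ddclient. If the machine is directly reachable from the internet on that address (not visible from this diff), AdGuard Home would answer queries from anyone and act as an open resolver. Scoping the rule to the internal interface, e.g. `networking.firewall.interfaces.<lan-interface>.allowedUDPPorts = [ 53 ];`, keeps the resolver LAN-only. TCP 53 is not opened, so answers that are truncated and retried over TCP will fail; add the matching `allowedTCPPorts = [ 53 ];` in the same scope. The enclosing block starts and ends outside the hunk, so whether this line sits under the module's enable guard could not be checked.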
@@ -0,0 +1,33 @@
+{ config, lib, ... }:
+let
+ cfg = config.mySystemApps.ddclient;
+in
+{
+ options.mySystemApps.ddclient = {
+ enable = lib.mkEnableOption "ddclient app";
+ cloudflareTokenSopsSecret = lib.mkOption {
+ type = lib.types.str;
+ description = "Sops secret name containing cloudflare token.";
+ default = "system/apps/ddclient/cloudflare_token";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ sops.secrets."${cfg.cloudflareTokenSopsSecret}" = {
+ restartUnits = [ "ddclient.service" ];
+ };
+
+ services.ddclient = {
+ enable = true;
+ ssl = true;
+ usev4 = "webv4, webv4=https://cloudflare.com/cdn-cgi/trace, webv4-skip='ip='";
+ usev6 = "disabled";
+ protocol = "cloudflare";
+ zone = "${config.mySystem.rootDomain}";
+ extraConfig = "ttl=1";
+ domains = [ "homelab.${config.mySystem.rootDomain}" ];
+ username = "token";
+ passwordFile = config.sops.secrets."${cfg.cloudflareTokenSopsSecret}".path;
+ };
+ };
+}
diff --git a/modules/system/apps/default.nix b/modules/system/apps/default.nix
index a055f17..8480f48 100644
--- a/modules/system/apps/default.nix
+++ b/modules/system/apps/default.nix
@@ -3,6 +3,7 @@ _: {
 ./core.nix
 ./adguardhome
+ ./ddclient
 ./docker
 ./incus
 ./letsencrypt
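Review bot: In modules/system/apps/ddclient/default.nix, the `cloudflareTokenSopsSecret` description does not say what the token must be permitted to do, so whoever provisions the secret may drop in a broadly scoped credential. Since `username = "token"` has ddclient authenticate with an API token, the option is the natural place to record least privilege, for example `description = "Sops secret name containing a Cloudflare API token scoped to the rootDomain zone only (DNS edit, plus zone read if ddclient needs it).";`. A one-line comment above `extraConfig = "ttl=1";` explaining the chosen TTL would also help the next reader. As a style point, `zone = "${config.mySystem.rootDomain}";` can be written `zone = config.mySystem.rootDomain;`.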