From c9157abb81ac9adefdf2a76ea96fab60a664508c Mon Sep 17 00:00:00 2001
From: Crony Akatsuki <crony@cronyakatsuki.xyz>
Date: Sun, 1 Feb 2026 20:30:26 +0100
Subject: [PATCH] feat: use oink instead of ddns-updater.

---
 flake.lock                                    |  8 +++---
 modules/servers/per-server/tyr/secrets.nix    | 13 ++++-----
 .../servers/per-server/tyr/services/dns.nix   | 28 ++++---------------
 3 files changed, 16 insertions(+), 33 deletions(-)

diff --git a/flake.lock b/flake.lock
index 7e40d92..854fb5b 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2274,11 +2274,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769952554,
-        "narHash": "sha256-TLITbJJsGFAE1JNXo3VH/1nKCDyu+cryj0pdXO1pOY0=",
+        "lastModified": 1769973847,
+        "narHash": "sha256-GqXaMSTGrxDxt/+w9EX5Pmk0azWcuKatA2zIoRxRk00=",
         "ref": "refs/heads/main",
-        "rev": "871f508815e4be9dac0d520200a45f20b3e532da",
-        "revCount": 1,
+        "rev": "8b4b79afd2926ea771ac4d78b2e182e90884b159",
+        "revCount": 2,
         "type": "git",
         "url": "https://git.cronyakatsuki.xyz/crony/nixos-secrets"
       },
diff --git a/modules/servers/per-server/tyr/secrets.nix b/modules/servers/per-server/tyr/secrets.nix
index 53a28d1..93c126a 100644
--- a/modules/servers/per-server/tyr/secrets.nix
+++ b/modules/servers/per-server/tyr/secrets.nix
@@ -30,13 +30,6 @@
         file = "${inputs.secrets}/secrets/traefik.age";
         owner = "traefik";
       };
-      ddns = {
-        file = "${inputs.secrets}/secrets/ddns.age";
-        path = "/var/lib/ddns-updater/config.json";
-        owner = "nobody";
-        group = "nogroup";
-        symlink = false;
-      };
       linkwarden = {
         file = "${inputs.secrets}/secrets/linkwarden.age";
         owner = config.services.linkwarden.user;
@@ -47,6 +40,12 @@
       paperless-ngx = {
         file = "${inputs.secrets}/secrets/paperless-ngx.age";
       };
+      oink-apikey = {
+        file = "${inputs.secrets}/secrets/oink-apikey.age";
+      };
+      oink-secret-apikey = {
+        file = "${inputs.secrets}/secrets/oink-secret-apikey.age";
+      };
     };
   };
 }
diff --git a/modules/servers/per-server/tyr/services/dns.nix b/modules/servers/per-server/tyr/services/dns.nix
index dd7eb79..b3c5c68 100644
--- a/modules/servers/per-server/tyr/services/dns.nix
+++ b/modules/servers/per-server/tyr/services/dns.nix
@@ -90,31 +90,15 @@
     };
   };
 
-  # Setup ddns-updater
-  services.ddns-updater = {
+  services.oink = {
     enable = true;
-    environment = {
-      RESOLVER_ADDRESS = "127.0.0.1:53";
-      PERIOD = "2m30s";
-      PUBLICIP_DNS_TIMEOUT = "10s";
-      TZ = "Europe/Zagreb";
-    };
-  };
-
-  services.traefik.dynamicConfigOptions.http = {
-    services.ddns.loadBalancer.servers = [
+    domains = [
       {
-        url = "http://localhost:8000";
+        domain = "cronyakatsuki.xyz";
+        subdomain = "home";
       }
     ];
-
-    routers.ddns = {
-      rule = "Host(`ddns.home.cronyakatsuki.xyz`)";
-      tls = {
-        certResolver = "porkbun";
-      };
-      service = "ddns";
-      entrypoints = "websecure";
-    };
+    apiKeyFile = "${config.age.secrets.oink-apikey.path}";
+    secretApiKeyFile = "${config.age.secrets.oink-secret-apikey.path}";
   };
 }