diff --git a/modules/servers/tyr/dns.nix b/modules/servers/tyr/dns.nix index 54fcd9e..a92d82f 100644 --- a/modules/servers/tyr/dns.nix +++ b/modules/servers/tyr/dns.nix @@ -79,15 +79,29 @@ ''"syncthing.home.cronyakatsuki.xyz IN A 192.168.0.5"'' ''"wallos.home.cronyakatsuki.xyz IN A 192.168.0.5"'' ''"assistant.home.cronyakatsuki.xyz IN A 192.168.0.5"'' + ''"ddns.home.cronyakatsuki.xyz IN A 192.168.0.5"'' ]; }; }; }; - # Setup duck dns for dynamic dns - services.duckdns = { - enable = true; - domains = ["cronyakatsuki"]; - tokenFile = "${config.age.secrets.duckdns.path}"; + # Setup ddns-updater + services.ddns-updater.enable = true; + + services.traefik.dynamicConfigOptions.http = { + services.ddns.loadBalancer.servers = [ + { + url = "http://localhost:8000"; + } + ]; + + routers.ddns = { + rule = "Host(`ddns.home.cronyakatsuki.xyz`)"; + tls = { + certResolver = "porkbun"; + }; + service = "ddns"; + entrypoints = "websecure"; + }; }; } diff --git a/modules/servers/tyr/secrets.nix b/modules/servers/tyr/secrets.nix index 8dbe79d..33d1a67 100644 --- a/modules/servers/tyr/secrets.nix +++ b/modules/servers/tyr/secrets.nix @@ -26,6 +26,13 @@ file = ../../../secrets/traefik.age; owner = "traefik"; }; + ddns = { + file = ../../../secrets/ddns.age; + path = "/var/lib/ddns-updater/config.json"; + owner = "nobody"; + group = "nogroup"; + symlink = false; + }; }; }; } diff --git a/secrets/ddns.age b/secrets/ddns.age new file mode 100644 index 0000000..e1cf201 Binary files /dev/null and b/secrets/ddns.age differ diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5198713..fa8610f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,4 +43,5 @@ in { "wg-tyr.age".publicKeys = systems ++ users; "duckdns.age".publicKeys = systems ++ users; "glance.age".publicKeys = systems ++ users; + "ddns.age".publicKeys = systems ++ users; }