From f37caabca1f8c19e89f9033a38bd20584a9d0416 Mon Sep 17 00:00:00 2001 From: Crony Akatsuki Date: Wed, 15 Oct 2025 20:35:37 +0200 Subject: [PATCH] feat(tyr): move away from duckdns. --- modules/servers/tyr/dns.nix | 24 +++++++++++++++++++----- modules/servers/tyr/secrets.nix | 7 +++++++ secrets/ddns.age | Bin 0 -> 1493 bytes secrets/secrets.nix | 1 + 4 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 secrets/ddns.age diff --git a/modules/servers/tyr/dns.nix b/modules/servers/tyr/dns.nix index 54fcd9e..a92d82f 100644 --- a/modules/servers/tyr/dns.nix +++ b/modules/servers/tyr/dns.nix @@ -79,15 +79,29 @@ ''"syncthing.home.cronyakatsuki.xyz IN A 192.168.0.5"'' ''"wallos.home.cronyakatsuki.xyz IN A 192.168.0.5"'' ''"assistant.home.cronyakatsuki.xyz IN A 192.168.0.5"'' + ''"ddns.home.cronyakatsuki.xyz IN A 192.168.0.5"'' ]; }; }; }; - # Setup duck dns for dynamic dns - services.duckdns = { - enable = true; - domains = ["cronyakatsuki"]; - tokenFile = "${config.age.secrets.duckdns.path}"; + # Setup ddns-updater + services.ddns-updater.enable = true; + + services.traefik.dynamicConfigOptions.http = { + services.ddns.loadBalancer.servers = [ + { + url = "http://localhost:8000"; + } + ]; + + routers.ddns = { + rule = "Host(`ddns.home.cronyakatsuki.xyz`)"; + tls = { + certResolver = "porkbun"; + }; + service = "ddns"; + entrypoints = "websecure"; + }; }; } diff --git a/modules/servers/tyr/secrets.nix b/modules/servers/tyr/secrets.nix index 8dbe79d..33d1a67 100644 --- a/modules/servers/tyr/secrets.nix +++ b/modules/servers/tyr/secrets.nix @@ -26,6 +26,13 @@ file = ../../../secrets/traefik.age; owner = "traefik"; }; + ddns = { + file = ../../../secrets/ddns.age; + path = "/var/lib/ddns-updater/config.json"; + owner = "nobody"; + group = "nogroup"; + symlink = false; + }; }; }; } diff --git a/secrets/ddns.age b/secrets/ddns.age new file mode 100644 index 0000000000000000000000000000000000000000..e1cf20186db7304a9f5921c0efe293bfd75f8978 GIT binary patch literal 1493 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSP3NXp@E>}qP^$Jak zax~31&kpr+jS4g!r3v&Bh%5(r!+V<#~`e%AknNME1xT(EUV11qQu)L$tg3}tI{hxy*#Zn zC8EgGIm$UO)7iz#HPp#nJEAJJBpKZ{b8S;^<3I(2Ea#Av#H=Lef=~m`!ZQ7cv}~jN zRAZCGh~g~gAWx@?$l}s~axeY7pg^vYlytX(fW$0)!<1C>R1f1!uYzn-gYra+tX$uq z#5@BFA1CKjmtglW0}Q|Umm7q*mn-C(1r_9)8#@)ag&KRBSUMY~S{fv2XZj_l2Znn) zmiro*yA@`621L44=5uA4`4k&g8k$r_geDs1q?!9Cg}8WnG&I?#I54NgC&R16 z*|Nw#BbzHQBO=toG|<)4!r!pe#kkNjzbvYv-J;JjfpwQ9VG0`BY$QRwV z!X#hsqCf>>pJLbi^wN}M7uVpx!0e)={Ia0XaP88RvO<&Wsv>=Z^t_y;VC^u!AWyCc zQ}^WXqHxzz&m`}x@I;Hq;4*iMP#4FNj0&#`zv6N)gQzqg15?Y0WLI?Cq6~5!tI8EZ z0#e{T|5%YQnJi^OmjoModUU{QUZhh{30ui zGWAPJ0?dL8Bg)GHl8a1z1M<_utBiv(jSG#O{JqVxaxqegyI)jfP`W}ufTwqQa%8zj zVRl$pxM{FSR)lk*dt|9=xp8S#pk<}8k#}iml%JE4y9t+UVfUPMLD|P(o*!Jd;%4`L()=9Gc6n)oqP)&L;M0O zicMU#wX=*Wvb7@$ys~mET}&MF9IL`Ssyw+e@{7!poQ=%2EiFCD9E-C29WDLMB2%LL z3jK@qGb=KD^UWO{Jxa1lLM+g2s|s|=j4D@fa|+P*PxLGcDl@SttOyBkbtx$b%&I6( z3C;@B4>UF?&(t=k2ug}5F>>SzEzAmX4>9np%8SwtNbxo^HOg=^vMfvv^-8x4$aXFA zGWPeWa4ah+PA})u)zwwdE(s0{EiuY3C`mVqbdBHhb>hL=0KUG!|4|D(IrRDF}{Z%dai)mf1W$Lb%Kh{{CUl<$qJ>ialv z*6M4w1&*72?A@}?WBHZKLQ%qowkr;a#rrfEO*y|r=P>`@WtmG}noM}R{f^JM)=yvF zemo`pO0e}w*pmgK#};1y*l(TC9K3h^M}=nddxi23gqA&gW&6)~_ImaL#j79H-#)f> plxGW{^K|RGre%H;txILYTH7Wq5SQ8ddF7#1TCPjXH(1_U1OSgq7H0qe literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 5198713..fa8610f 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,4 +43,5 @@ in { "wg-tyr.age".publicKeys = systems ++ users; "duckdns.age".publicKeys = systems ++ users; "glance.age".publicKeys = systems ++ users; + "ddns.age".publicKeys = systems ++ users; }