From 3b2e87acad34a9a8f60e1b0cd494d8fc74ce7c8d Mon Sep 17 00:00:00 2001
From: Lucy Hochkamp <git@xyno.systems>
Date: Tue, 11 Feb 2025 05:29:27 +0100
Subject: [PATCH] ds9 dyndns

---
 hosts/ds9/default.nix | 21 +++++++++++++++++++--
 secrets/ds9DynDns.age | 19 +++++++++++++++++++
 secrets/secrets.nix   |  1 +
 3 files changed, 39 insertions(+), 2 deletions(-)
 create mode 100644 secrets/ds9DynDns.age

diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix
index b67b8fe3..962a8be9 100644
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@@ -120,8 +120,24 @@ in
     ZED_SCRUB_AFTER_RESILVER = true;
   };
 
-  services.tailscaleAuth.enable = true;
-  services.tailscaleAuth.group = config.services.caddy.group;
+  # dyndns
+
+  systemd.services."dyndns-refresh" = {
+  script = ''
+    set -eu
+    export PATH=$PATH:${pkgs.curl}/bin
+    ${pkgs.bash}/bin/bash ${config.age.secrets.ds9DynDns.path}
+  '';
+  serviceConfig = {
+    Type = "oneshot";
+    User = "root";
+  };
+  startAt = "*:0/10";
+};
+
+
+  # services.tailscaleAuth.enable = true;
+  # services.tailscaleAuth.group = config.services.caddy.group;
   systemd.services.caddy.serviceConfig.EnvironmentFile = config.age.secrets.desec.path;
   services.caddy = {
     # ragon.services.caddy is enabled
@@ -232,6 +248,7 @@ in
 
   ragon = {
     agenix.secrets."desec" = { };
+    agenix.secrets."ds9DynDns" = { };
     user.enable = true;
     persist.enable = true;
     persist.extraDirectories = [ "/home/nia" "/var/lib/syncthing" "/var/lib/minecraft" "/var/lib/bzzt" "/var/lib/rancher" "/etc/rancher" "/root/.cache" ];
diff --git a/secrets/ds9DynDns.age b/secrets/ds9DynDns.age
new file mode 100644
index 00000000..f4d1e6c3
--- /dev/null
+++ b/secrets/ds9DynDns.age
@@ -0,0 +1,19 @@
+age-encryption.org/v1
+-> ssh-ed25519 IbXxfw AxVKibMvc6h8flrgDlmdyla6ANJJq7fPpnQ3LYWIKXg
+5n7TSqqtVl//5cTAid1zVEPdqCgfC0Vu+BiMvgtkWk4
+-> ssh-ed25519 ugHWWw NOHE1pVgV1clNeWb6Cw5y22b6cZ1vjbJDfiX+30AUjM
+qbuqKwxA/7Rrc2F9SDOoTt2ak4nuJmPMru6dA7UNW2w
+-> ssh-ed25519 UU9RSA xZ9b1KBUnbvWuHE9ku0ylMdRr4mi8hZjh4yh5NCNvg4
+CUJMmoy4yFlpUgA03nUQA0yl+/gEpn7xQEzdh7OK99U
+-> ssh-ed25519 RJI3BA 0cHdWDJgTG8K/EMNWDBhxilK5ZUgYSdNN5IsJ+PYNXI
+X2+PCv1b9aUh7k4qsXKUzENCOZ1Pqw4fvBXCazwg6po
+-> ssh-ed25519 XnvJKw DdSjpCWP99aoTs7Cd20wpF9mGRM8PGotDSd/f5I2jy4
+51DA/NkUWgGa1gjLC2hmrTqaSyxrYg3qi22kiNH9y/M
+-> ssh-ed25519 7NL5Ng OeVljQJFNNIavuYhULz0KOv2TuPrtEtYxkpqzrdbOz8
+aqOgoP32B9coQ22uc7w/lcN/bAjOy45kYJdYNBjnYSc
+-> ssh-ed25519 5Sll2Q XI+5oCuwwfrLwrN94Q3rcycC8N3gcxfU+EwvE2OQpCc
+CL8oqRys9d6/n/GmAD7V4fAszhFzMvQVwUCSbHhlpVc
+--- foSQFj0POcMtGE1cOSJo0Zz+D/xMSTDAz3dmUlwbM1E
+íq´
+Vár8X ªÁ‰uïütƒÃm-ƒÄÂ«µá|Ý¬­Š–Ñ­$áEWÑÛÎ‰©Y_X“MG‰î¦rµ‚^:ñrs©÷¢þ~¦bsvuOHB†Æg!óãÆª>æ(HZ+2ÃsnþF
+¿·ŸÀ÷ô û*´³YÅ‚Vn8ÿ#S°[÷,=§òÔë¡§¸ÖíÃSFðâþÞôG7„1¹g”	ÀlLìàSË
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a3c2437f..e6cccf2a 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -17,6 +17,7 @@ in
   "photoprismEnv.age".publicKeys = pubkeys.ragon.host "ds9";
   "ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9";
   "ds9SyncoidHealthCheckUrl.age".publicKeys = pubkeys.ragon.host "ds9";
+  "ds9DynDns.age".publicKeys = pubkeys.ragon.host "ds9";
   "ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9";
   "ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9";
   "gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;