From bf4f1a43e5d722baa6c43d8eedf96f5e8ba5a12b Mon Sep 17 00:00:00 2001 From: Aspen Smith Date: Sat, 21 Sep 2024 11:37:43 -0400 Subject: [PATCH] feat(aspen/system): Reinstate ddclient, migrate to ogopogo ddclient is back in nixpkgs and nixos[0], so let's just use that, and remove the backported package from third_party. [0] https://github.com/NixOS/nixpkgs/commit/8a8ec36615daecf2705cab80c3a926a0590eefff Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500 Tested-by: BuildkiteCI Reviewed-by: aspen Autosubmit: aspen --- third_party/ddclient/default.nix | 12 - third_party/ddclient/module.nix | 230 ------------------ third_party/ddclient/pkg.nix | 45 ---- users/aspen/secrets/bbbg.age | Bin 733 -> 598 bytes users/aspen/secrets/buildkite-ssh-key.age | Bin 3883 -> 3833 bytes users/aspen/secrets/buildkite-token.age | Bin 623 -> 483 bytes users/aspen/secrets/cloudflare.age | Bin 450 -> 409 bytes users/aspen/secrets/ddclient-password.age | Bin 429 -> 360 bytes users/aspen/secrets/secrets.nix | 2 +- .../secrets/windtunnel-bot-github-token.age | 18 +- .../aspen/system/system/machines/mugwump.nix | 14 -- .../aspen/system/system/machines/ogopogo.nix | 24 ++ 12 files changed, 33 insertions(+), 312 deletions(-) delete mode 100644 third_party/ddclient/default.nix delete mode 100644 third_party/ddclient/module.nix delete mode 100644 third_party/ddclient/pkg.nix diff --git a/third_party/ddclient/default.nix b/third_party/ddclient/default.nix deleted file mode 100644 index 28b036ea6..000000000 --- a/third_party/ddclient/default.nix +++ /dev/null @@ -1,12 +0,0 @@ -# Users of this package & module should replace it with something like -# inadyn, after https://github.com/NixOS/nixpkgs/issues/242330 is -# landed. -# -# TODO(aspen): replace ddclient with inadyn or something else. -{ pkgs, ... }: - -(pkgs.callPackage ./pkg.nix { }).overrideAttrs (old: { - passthru = old.passthru // { - module = ./module.nix; - }; -}) 
diff --git a/third_party/ddclient/module.nix b/third_party/ddclient/module.nix deleted file mode 100644 index c8d68f9be..000000000 --- a/third_party/ddclient/module.nix +++ /dev/null 
@@ -1,230 +0,0 @@ -# SPDX-License-Identifier: MIT -# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors -{ config, pkgs, lib, ... }: - -let - cfg = config.services.deprecated-ddclient; - boolToStr = bool: if bool then "yes" else "no"; - dataDir = "/var/lib/ddclient"; - StateDirectory = builtins.baseNameOf dataDir; - RuntimeDirectory = StateDirectory; - - configFile' = pkgs.writeText "ddclient.conf" '' - # This file can be used as a template for configFile or is automatically generated by Nix options. - cache=${dataDir}/ddclient.cache - foreground=YES - use=${cfg.use} - login=${cfg.username} - password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"} - protocol=${cfg.protocol} - ${lib.optionalString (cfg.script != "") "script=${cfg.script}"} - ${lib.optionalString (cfg.server != "") "server=${cfg.server}"} - ${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"} - ssl=${boolToStr cfg.ssl} - wildcard=YES - quiet=${boolToStr cfg.quiet} - verbose=${boolToStr cfg.verbose} - ${cfg.extraConfig} - ${lib.concatStringsSep "," cfg.domains} - ''; - configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; - - preStart = '' - install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf - ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then '' - install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key - '' else if (cfg.passwordFile != null) then '' - "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf" - '' else '' - sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf - '')} - ''; - -in - -with lib; - -{ - ###### interface - - options = { - - services.deprecated-ddclient = with lib.types; { - - enable = mkOption { - default = false; - type = bool; - description = 
lib.mdDoc '' - Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org). - ''; - }; - - package = mkOption { - type = package; - default = pkgs.ddclient; - defaultText = lib.literalExpression "pkgs.ddclient"; - description = lib.mdDoc '' - The ddclient executable package run by the service. - ''; - }; - - domains = mkOption { - default = [ "" ]; - type = listOf str; - description = lib.mdDoc '' - Domain name(s) to synchronize. - ''; - }; - - username = mkOption { - # For `nsupdate` username contains the path to the nsupdate executable - default = lib.optionalString (cfg.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate"; - defaultText = ""; - type = str; - description = lib.mdDoc '' - User name. - ''; - }; - - passwordFile = mkOption { - default = null; - type = nullOr str; - description = lib.mdDoc '' - A file containing the password or a TSIG key in named format when using the nsupdate protocol. - ''; - }; - - interval = mkOption { - default = "10min"; - type = str; - description = lib.mdDoc '' - The interval at which to run the check and update. - See {command}`man 7 systemd.time` for the format. - ''; - }; - - configFile = mkOption { - default = null; - type = nullOr path; - description = lib.mdDoc '' - Path to configuration file. - When set this overrides the generated configuration from module options. - ''; - example = "/root/nixos/secrets/ddclient.conf"; - }; - - protocol = mkOption { - default = "dyndns2"; - type = str; - description = lib.mdDoc '' - Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols). - ''; - }; - - server = mkOption { - default = ""; - type = str; - description = lib.mdDoc '' - Server address. - ''; - }; - - ssl = mkOption { - default = true; - type = bool; - description = lib.mdDoc '' - Whether to use SSL/TLS to connect to dynamic DNS provider. 
- ''; - }; - - quiet = mkOption { - default = false; - type = bool; - description = lib.mdDoc '' - Print no messages for unnecessary updates. - ''; - }; - - script = mkOption { - default = ""; - type = str; - description = lib.mdDoc '' - script as required by some providers. - ''; - }; - - use = mkOption { - default = "web, web=checkip.dyndns.com/, web-skip='Current IP Address: '"; - type = str; - description = lib.mdDoc '' - Method to determine the IP address to send to the dynamic DNS provider. - ''; - }; - - verbose = mkOption { - default = false; - type = bool; - description = lib.mdDoc '' - Print verbose information. - ''; - }; - - zone = mkOption { - default = ""; - type = str; - description = lib.mdDoc '' - zone as required by some providers. - ''; - }; - - extraConfig = mkOption { - default = ""; - type = lines; - description = lib.mdDoc '' - Extra configuration. Contents will be added verbatim to the configuration file. - ::: {.note} - `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses. 
- ::: - ''; - }; - }; - }; - - - ###### implementation - - config = mkMerge [ - (mkIf cfg.enable { - systemd.services.ddclient = { - description = "Dynamic DNS Client"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - restartTriggers = optional (cfg.configFile != null) cfg.configFile; - path = lib.optional (lib.hasPrefix "if," cfg.use) pkgs.iproute2; - - serviceConfig = { - DynamicUser = true; - RuntimeDirectoryMode = "0700"; - inherit RuntimeDirectory; - inherit StateDirectory; - Type = "oneshot"; - ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}"; - ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; - }; - }; - - systemd.timers.ddclient = { - description = "Run ddclient"; - wantedBy = [ "timers.target" ]; - timerConfig = { - OnBootSec = cfg.interval; - OnUnitInactiveSec = cfg.interval; - }; - }; - }) - { - ids.uids.ddclient = 30; - ids.gids.ddclient = 30; - } - ]; -} diff --git a/third_party/ddclient/pkg.nix b/third_party/ddclient/pkg.nix deleted file mode 100644 index 586f3891a..000000000 --- a/third_party/ddclient/pkg.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -# SPDX-License-Identifier: MIT -# SPDX-FileCopyrightText: Copyright (c) 2003-2023 The Nixpkgs/NixOS contributors -{ lib, fetchFromGitHub, perlPackages, autoreconfHook, iproute2, perl }: - -perlPackages.buildPerlPackage rec { - pname = "ddclient"; - version = "3.10.0"; - - outputs = [ "out" ]; - - src = fetchFromGitHub { - owner = "ddclient"; - repo = "ddclient"; - rev = "v${version}"; - sha256 = "sha256-wWUkjXwVNZRJR1rXPn3IkDRi9is9vsRuNC/zq8RpB1E="; - }; - - postPatch = '' - touch Makefile.PL - ''; - - nativeBuildInputs = [ autoreconfHook ]; - - buildInputs = with perlPackages; [ IOSocketINET6 IOSocketSSL JSONPP ]; - - installPhase = '' - runHook preInstall - # patch sheebang ddclient script which only exists after buildPhase - preConfigure - install -Dm755 ddclient $out/bin/ddclient - install -Dm644 -t $out/share/doc/ddclient COP* README.* ChangeLog.md - runHook postInstall - ''; - - # TODO: run upstream tests - doCheck = false; - - meta = with lib; { - description = "Client for updating dynamic DNS service entries"; - homepage = "https://ddclient.net/"; - license = licenses.gpl2Plus; - platforms = platforms.linux; - maintainers = with maintainers; [ SuperSandro2000 ]; - }; -} 
diff --git a/users/aspen/secrets/bbbg.age b/users/aspen/secrets/bbbg.age index ebc0df23389894a0562507f47eef8c005cc4e7f2..d8294b047191113c4b2e4e646094c9b9ff94a291 100644 GIT binary patch delta 545 zcmcc1dW~g*PJO1EQGRxoXSTO@Mp~3nx_N#|m4CKnYI3G=T1iGph;d++caC|1L193a zCs##gl9y*cABMSdT~Tnh+9;?VQ!JWOQnlxj(f6yq?u>2 zZ>4KmgmZW~S7>H&WS)0wT5yi9r@zNzTQ| zxs_&FiA4p8IR*ZH!7fE!Za&VQCT^K&`H3m|nSo{IIX)%9xyA-uy1Kdw##vz%<>8T) zPDYkKIof&7PR0>cp}yv(spYbQ`Ju%|+6E!TT&aF%1Y8pgCZ#k!-u*1e z#`^O9@FlxEUQAwS*54WH{-al1Qu5j(*+V7wyc)CEUnI4$WM96T9(^<;$o^$XTq&#L z>4vQ1ybD;1+*dg1ysu}A^*wvEHtMbC`j)!e7&CSq{9AR}w@m8Rju}ZWxnrk? z`rK1^7?8gG%~{roXD3}3w9t-|{jeu;BlF3#`7TF3g*}+LV|D34DW|KhGBuYX1wQPs r@iDBvz-`&8y|HTPuSdyCPULelX`MJYXYH}GHT);Ob4EWjE_n?A^Rd-l delta 681 zcmcb{a+h_2PJKwWp;44)SVU?`Sx||Gv3r4wWtc%)ny+?nkY#9LYNc7QzFUQfdr)e5 zF;|geT5?{FS#eZyUQvZdxW0*7Ww4)1x?zZ8L_n&xTT*6dcu`7VRZx<-FPE;JLUD11 zZfc5=si~o*f=`;0TT-BcpKH0Nvr|@Zn14u-dzNQx z#E;_j{uQ28iBXxAAqJJHW(G!y$(1?g=I*H`q5g^P+TpoHiC(^0kpbyOW$EQyIiZn3 zQ3d9H>A683VaBOtzQ##L;m%3vxz3Ij+9_s9SvlqbUM0op?#>1vpTw#=dl;t`dh4ba zr6v}qDyUW{=-Cx1B$VV8`;@zJd3t1P2iB(rloaRXr}|m>N5qMB@-MV43wnV35khG$uNW)%7-1sXUSc$b-$nb&9f z`UQm<<$0Q!`KP*jI)-wY+-Bas{q_$>e$6Fs?yn9i`SLEd=6JBzlLY^V3>zF2=kWau zu&}mE3ZLp#tMKFP3j3Yf=B_4X{M#EX($2U{ec`!$c8;OhsVeo}ZC~#s@fUaXi8hG%F~aVk*S<#5FnY$d*o-T V?(2h5D%;t6I>nxGU9YkK1pugS{LcUY 
diff --git a/users/aspen/secrets/buildkite-ssh-key.age b/users/aspen/secrets/buildkite-ssh-key.age index d9587f11df4b02030767a759fabd06ad529754c8..062be3b9bd98e930b34b4c017a6e640cbf3d267a 100644 GIT binary patch literal 3833 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4F7R?n4^+@ktFW*r z%1TPibq>r(bPUNawe&D6FfY;94lD97_jOE44>GI>4Ry{5bL7e~cdQCA%!+W)PYw;V zOm__mjB?KfN&5F}OhA(mg6TBAd%3CC%43EIHjTAlp|zBi}czs3apK z)6~==JvY(V%P7|}FyAOREF~)_qa58f_f%K&;y?upBa?DpUytbf-?S`O=Sq(<1LNYzFyrE6i>$oD z2zMv{47c1ur-F*&sAMi(U0sDL-wfA+$dnKhKgVGI(u&A*%RFO~+@#R#Vn2hTAOp9M zDi^Z=?*NY!%X}{GI}+Vz)<6EZW?t{COR2Y=eU51vsanHh@m2MVWQ9wUz%@O?Y4v%eCuYd)E@~*0o!g7Ox8`m}2<) zYJbY9OuM~{%#VjEepB%GGBL4jD|Bwno5_Afcj_6BIPq%EM?L=16TT_Wd;7?RY4To+ zsV;}+SGF9F`RAo3T;<$$P+8IC@OQJ7$=}vQ=UH?A{_%9lF7t9z{y475Y9*HgYOh@1 zYu%6#CzI{F_H;^n!30Kw5KrIPmFqkkeb1g3*t@p$w5#K$s*A6~66`IcUb(U=wscj7 z`PbYQwVJ%PwS}=V?3JrubYhQid$y4LlD&5mW=Nd!&OB@RWo2`nTkNYM-?fVuF<30& zj@e%K@Y>ofyJA*&vu8ELu6bgq|LckLS?!e94ZH8`DgIe0I&qfr{f0+NXSc5rWPe?B zA-G}7<>MDmDpxBl+{EitB)Qk5zhL?ft_ci%UhSbzrnQ-FoG8$8l=Z;36YatZ7vpX? 
zeP8ioiQ*kTzo4U5GxsmDa&-{)-^o{(v0Y#g_`tM$^GOoJ)s z-)zb8yjnhM<&=B|nIrCzyR59waU9+h6CHn5-eIMHzD1{6?CEJIXYo(>ax#*TGt~I-sj0nT;6)`y(nmBHn+w?mtk)Z za}~=~tE1gX`8(x)*YZE%mT!yNzOQo9Q_h{rE1zfQ#LD~YO)KJlr=zqwrRvAKSvlhE zZOdbn&xJ=fac7*{S><#^a{n$apVhYnKRMY?-FZbQbI-!k6(Ke$2blSu$9^lSc)4rl zwG##lTe>b;C;z;ib-$0@{_3Sv%g-AFc0_D5UA6M~ud2DH_q9|^{Cbl|dMm@TaNELF zbE1~M@_tyze8zQsyxs1J$#eQ+L){wZy6)%*(~XOCe0ZQ-zc;%=r~2~0C4A}cw#)0S z%sD3Hk-V_-_C#H`|NSjbCQ8UR>U4h)eOuV^ewKN1rr_zL>rZ!Yt3MRNDY;Jn$xWNv z3BIcS%;)&_^Vg*P-9KC8iuE?{YbkT4J>m4%IAkrHE&Vp{QQ$Va zlkUosUS~bv7Z%-QPaGeS$qe)A&zv$P%8{YZCdz#L_dq-%@crKtMj@H3#mr^$ElpPhnmvLf zCf&UqU&43cSL|~|(YKaII3`9&-z{hPVRvQXlpsfz`JBrVp8pAac}ya>{DAgh+d@H= zy`NTvwiJ9m_&)ynN%kGgV*9o+XvlK2Y>_DAo2q5wq`lD+LIyI}6OW;d*wdB3@E&)oIxP$TPxWlJ^fsyI)WDm^$?ujd`RlTZh08bL&ORTq^hO1du%!AF>le+-xaok zQ`G!LkL`Z^*DFNd%VdqI3hTQFMJB0kuhNta7N7svYE5o3vshxhpluS zeq8)`qu6xA==Q6BuRM5gGI6G2@*d_)*XvqdOW1v;7u;M?d;B1u$O8q{ zyg6^Sm+zaHbNJ{V-XBh{x}Qvp2~G&KoFRKR{Mdo%j=RI-BE8QVZHlfldDEQ|z4+`R zJ%3{@@9=WlEsrzbDwX!$nR97PaO-ELe~Y=5nT;G01KylJy`*?q)5d*rhus~Lf8XLO z`8z)?bMg1>+4*Yy)}A6$t4cNhzT2#vx$5%QJ7HG}oJF0cPsj;Rh|vyI%~PMRwepkg z#F|&LQn(!$TV5ai6Q*9pAbgrXk-zy5gE52J+Z!A6ni84s?96Z#p5bm_)1r7RbhQExDtIESr>rU6Y@ad9B*{O$jrV1s z$3D?^t$&ukzaLsU)9A&i^ruEg*8fUtNNy5&$!TfAVvxYe`q@6k-y)(iY|flpk;)$w z-8&Zjovzh;VDi!B+`rxCyUHCBS(meFeb$MMM;|c0QdD?mP=0;S(Uwrd%H)Ne{f@nh ze*2qE;Iwl1a>4aS^)wfmTlR|SUPtEiugHzxwe0QltW#pgS`LTp4cPSMWnE<~pIYMX z6Yh+QbhP$mh;8cm63$TEe_|bzk<9hk2KNn~RD7+S!@#p@TMc8g=gY8@TFPhVPTkXR z^SBFxL1{%Yafw0MTK zdGs&7(vs$#g`2H;E3iBAn{PA%)gEeTdZHFUJOZ>-XeZFPC~!?n3)-0Xx%wg z#>07OxmwbZyHd7SM2X*hR&%@1WR+f+!R0HLzHC1cTcKAc!uz=DPO{_alRa00OxwLb z{Z&4AVWQUCx6hTOQ?F~(9gg0=zw_3c4fjrD7A4Eho)U6)<>km$wT}5^Ia8i}vtDkn zD0-nuR5su3r{8@;N*5k1&N}tKHH`c57g;`UiRg|y$1S4T8fuxCJ(Tr@Z}VjRRgJFW zXW39w?6%-yYM`Xvv&xl=rRUG)u`qCY7rJ`NwwL@2s|CXf*$n?Hes&DhadC7>44gP6 zAzwrEru()I-On-?zA=6aOFQ+Vlg;&WpuEoYZA$kZKmM^MKE{2TdfdTEkE2dPr+MB; zefSx=dCITlwZW2!e^&S(UK9Cd>XT2c7aVOCPd~|8_AlYNtO(1>IcygXME%%!%JHn~ 
z)%OZjN0d)DBxVRrOZvUf88$Hydy8m&xxaoPf1>Vn+9W4hMnk4^OtfG zM!7Xkzdy{$mH**Y$D?@kbS6jovq>k_en0%r{5Ll;aO%|~8D29sS)D%AJVVrA!j6=k zFIC0+ZRc&v7BPLG&fFj|B2_a zG5cdBCdGOvU(Nf^y{t0s;=AgZbH6zz@2)xb_PY5=i_~d<`{sS_-j&+cTd8xYb7|I^ zJ>G{O95PJX*FW2dmot6i;$Fa3P~ zpS|5Zm+ zT`{IpLJV(zD(Bc>yEp3YRUr}Mh;FMt$0x=y^W0(!$q2}LyMtGA=i8Nc_CC{}b5Y`> z|Gl_99s9zj1xHQ1tzLKj?effv9!q_bKW41Dx40%IDJ77r#*A(6*`_IV*@CrQcQj7( z#d6L#wDIqG{;fB!J5`tbjkFDozUs<#n0)@4nb?roZrpErM-^vf+#S*zZi z5nO$8{hRC~K2!YN-07u2lX@$O5(bXQFe{+r8EXFL|{ zJUPwRiS^IVjKxBmEBx=TeuiGcenMm7QVfDI8^N2tlLwBzs-2`#n5ZV^^=c&RC8^Lo_#=0|JvyV zI+8aHQ}1qY3@?}}=Wns-R>qm*-=i-GI7EALN*xjH%HGs>^`)cP9ft{D!sjH-zqn&5 ze~QA=s6@LC{lZnhZm?}Rc(hf*U-Gc+t6Za64b$JB-KN#1GT--6pTxORW{*RL;K4-c zF7{~$i&i~yl9R7EaB}Jz+ra* zi+@)NztYQObE~j$5I?@5o74G&uBGB0ru$Y+N9M{orB$7I{%mJ@h1db<8M$S`6U`TP zg{)apa9(TDOMi)&hd%{YZND&aw{51j*oqyc>R%K-zgju}t2Fbc3O?tTTbCCFsqfKR zblLjx>Z$+r9o218(xfa8PTp!zvh~hc##cY$JKR+R-2!vJ^)dW=t9f|Qk091bPq#@d z%uJd0x8Z6jQ(X4UoXhFoUbhQ{98cjqbv#w**7;`VAASGAzI~B&TE}E_cJraVta}U2 qUHYIj@7o8X$F0Rbg4X|fv^2sq_3#`v)98!U`zD^BD=c(T{4oIKs|Wr7 literal 3883 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCT4F7R?n4^*%;3~??m z@bmBuF7)>IC{8K#2sJTGt12nWPAkpLH?J&7PtG?sa89bq2;@quEGWvZG|TW#OK}U$ zDGN&WHmb-d%g^()%rUmeur$oG%uLcZPfamQGC{Y^C(X$%DNrG|ARsV3I54WrtTH9A zATcb(IJh{-tso*d+p)yA+`B?Qy&@|jBq$&#GoQ=2%+E6@*EO=JEYvM2Ke!~_A~`!e zJjXX!+cnt2JHpjDIj_(wyudTRzyjSi_f%K&;y?wroD9=k@6g<&)MCFJ!-%|6A0xAD zgCZxFkRtu6K#StADub+yu$)ALObaeYj{v8nDt~9!>@1g(N<+(J?abhc^nkS7tTg|q zN`qW&7t0_w3qymPoP3aNl^(k3MX8C!sS17yPGtsO)ny8mZkmclL3vye;T~D~Q7QT5 zE+HoAev!fDnb};ry1EKRC0Q;d;ob%M<(?^y$=;6X7L`G+QQ`XDrrM_AZf*v?$rk3? 
z`G%(MMfqHpn}5r_bbF>(DDIUjzFXbhd$Q!+tLMDSjW6sJ4=z>ZQkrq5;9qI0!ipt_ z_pFcG_3`9WrOW>qJ{@=bFzf1JMJAKH@H=NE@?A3Aj~e}8UKGtP?9U#*WXu1JRWp>X zceQ6NIXNNwu)m<-xeb?^MB`aFzAsxQ$uw0~;q`szZN9U2vNlvPDSYdDyZFBTk)BGS zHL}qP>_VQ&uBuuyszT43maHx`sjOs(OL+M9qEkV4xZ};qHtrfSUk(Q;N9(3&$;Vrq z-YzToyn-`LLa5i8|FQP1SNDW&{n`KRxb>Sww^l5hR&j;-)Vi~i*1LIn>E!cxxKS*|b7vD|ZYJ-3GKAGhz?)5LvBggxrN?|cxc=e=c@ zkapywf_v|$sTM9ht+(RP&Z7^fTgUsxFIp1fSAIg8N1<41(=zKSfxjzM{z{AfTzhiH zsjgoSoH=|1PyLFYdqtyE-eU9TOy-4=Vkh@>Eo}Y#@?qs#c3B6v12Z`*>ll^uo!%ud zILz6&mp4xJip#?XyZ^ZSFqJ8{WP0ir8+oHi-M4XJ6z7eOIWyT)q`7A1{NOmpX4dV! z;uQa)Z>s}W{L9-X5S}?r>uqJW*nGv^{|>t*d(8uL6 z`lJ``b)#FMEXgQkme?!f9E)je9W@u$p3y1RlL~Zuo%zVw)na?f{I5;#%+)68O*9Hq zh`J;7#&!7_*H3!4O}EQy+)JNeXP@)0?1O2C{u(cRcHqr{{Fv!- z@1$0Xf9ZeWGg)rO%4Ri_<*f1r`y>)#j_cPp*y;u-x;KhHR{p?xal6^+e#QBBvbvHU zKj+^*`}4BwbNh}m_ANX

y(lzl-`?EVnB++;7v{uQ%_cd33uM1f=U(zsrM-rF6PhW23UH27V z4sd?lro(w?`@8GyuQVAs&nm2o#5ynA&?PS~`I4|nbs z&-2;BzL3Yg@LAH8d$-(WiaWQzZeROn#l^Wh4Q5SG?l)*|LO5p zp{O~LtpBIBh&Y_!{W>v%KcMaR_rN*xjvX@8%1ufU6=ba~JCW5t*Z5GnAJ3t-^liIV8923tBHZ9>>Vl;pK)8H=o~s*=@Daj!>ZxA=y21Uy5EhlD9%ZrT2RV=kae(ubTch zdA{0d?)&@&_K&uob#M)z|5n=~$fMUjGQKru!tXP$O0P}I|NS}h!t^Ujd4)%N>b;5- zwmJQn{FQsXz0J?~Pt_|6-(9RQUUEk*+_miQVV$$D?0Ii|6leV5;k$O}uU!qZZaEc* zINGi__Ax&5R<>uoZ>!Rhbz3hgO(>uH_7-=M;DKj>rKi9AaenJ^@M=cju|+m}>*5pk zZEEJ}u{dnsxq#c}Tit(ku@&adOd?8oY;G5_@6Ov=_tDjShVq>6r{6uBKSykfk9}-h ztnba~d#VpGTr|y0OHmD+e=yeXTjn82>66DEFVkmOKH-~dgYLZZA(t&;$t@Q_IWX%59D3mW~5g8n`yxhY1cJ>m{}R3 z#H94*Z*%);ujakBuWHo~jXw{n9FjhKWw5OHKcjFzW0yXwX$|8?Nr_!a`o$6z8wH+i zdd+C9Rg<78SH5AQ_i@#{?Y~=mw!iNxlYG0*Lo0N~%42Ju-r;^e^J8&8w>u9*#x})% zk(_HwyAR|y&itJrE)p#++dTrerqIT)ggq|e@lI#jwK7R3BE3bccY4x8v=`By$&t*?u{p!bz z3*WV}#oJ0;45r^m=6*sr2Xv)%f3vpw+o#mz_RRS=uhqc%k36*wEii0zFEvHGED0K%aD7wj8%=7eA*hn z_@j-x=iFGsmXy_hCcQJ@n0qCdn??D;Y<0G>_lw%SeQ#~Ele_Ca^-y|o#B4;Sz6wa?_&#}qkVydd#u(zFef|D-@c;mjdjTHZ4cDVzs`t#tjnqP^+7QA%2hsH zD|8lqD4!c|FOhI*&xXkvyw8jc9`|Ifd8hnSk0JI&rjvBe;ZHnildTR+&@a5DdFtMu z)#ut|cS*5tQ?oqr=1=#}8L7{o%zSUtb1cm7851)r`>e;m=A01O$fa{5+2c(0EZtp8 z#BR?%n_xX#Q!tEwCC`N8Z7aA~qnvk%D%3=5Zh9%SA>qB$xLl~b0u&%5>7YTu&MdyBmi_X*ncIfZK4 zIse(3efL+c=MI(Z1O1nju4YA@(lm|vHDe0PrgsH7tvg=_xvzW4nrCV(dyivP|9&~g z3Br?aZhF!mF>kVXgUpfj%dK^n&g`EQ>^H7xnF z@np{Y?!M}M=KhX$UeAy4wq@y0U-{&j@tXg}Pr{U5A9r3-=9M6*;o9Hf^0z!6 z+osQ*S?t+piMd5WOS4b(T!sHZl2K&viA9w20lGyVXr5u+l-m`nT<(Rb8tUrtn_t z-*k`ne(TGnFN*d*TD#%v2ljKX0{VgqSUcjHlbiqRp8DeTYuB+Sj}sFEd5rmKRqS& z#jeJ04|h$HXt}sDGNs6A$vNj&7eBsud`q?QMcwjw2BIq@bW*2I-zQc6>Rw=YnAAI? zmC^afn%-DB+}_jEdn1IdHPZe zm+n;Ay0(dLqa5dPkDA`x94nvMeX%oDZ~Z?b9r^0b^1?ZWR`cR7$p^<;-|e22sv6Da z%q=0WKlNPRNk;J*%qMO|>sfKPDIDM^x-og~@%E`IIn%be3;wXE=Brq4b>8H_pZJS1 z!Ede9UVY!TDEscj8%ytogb4*MIn~kXzsd3MWt(qqj{i5_4ESl7<$Tvf?WEU3$zGS$ r?MiMcs!R(O{43hTDbszr=D^=o?B07*<;B%gtoPmA=K0mBIENVkh+i=$ 
diff --git a/users/aspen/secrets/buildkite-token.age b/users/aspen/secrets/buildkite-token.age index 320ee06c09375dda734ffeb55be1ffb4023e07c2..f55b31fb08ed9531a85c926063abe95597f0b651 100644 GIT binary patch delta 429 zcmaFQ@|byoPJNMaW|WJgXO)|oQ;0`EMP^8eubaNNWpTEDxlv|#Sb4rg94 zBbQTHq)};>W14nGvZsl5sky5~MPa&`d3K4Xhhb@uzd@P4nPEvqX?}2OAeXM4LUD11 zZfc5=si~o*f=`;0TT-Bce?Y!lRbgI=Q&d2NM?`2~kXx2vW{8Woc9wT|K$4f2TXJN1 zMP_7*b6%z|mywBap;xhKfSZ?dT9l`0UP)$Nx|553MpacxW_e_$V?=S4eyMwudz5eT z#E;_jCLtAxl|?4{Miq$x>BeSGVd;+UA*m%E$)<@u8C6A9E|vy{xt^8Deg?i=M!^B@ z2D!x%`o2kKIq5DTSw5bw70y*r$;qY89!ANu+mU%uI zLEb@*B^K^cS?;9)Syd$|m2UZ#&V}K*C1sW|$$n;886K|XTy7csjOyv@Gq^2!>lz9) zZf7?+dojf=e$FyW`%MXVy;N!uf_ zCKjhEq$^bFhFcWIdPgfnx~FJ6a^)ol7}Pt4gk)6aStjKfdZ*_mM;5vlmMwAD8W`ui$RhAc+IftcWWmZP%2Nr}T8Th4ThlX;M6dQ(RMHzWn21fd(XD6C# zyXTeXr+Jn~CT51Xxftj92c(zgghz7e>gp=^q?ad~RT!I_RzUf%kb2Gvk&7*TWYVEDW4mU0qUe)IUG0$JvWh@X||Zo7GjG%dW1qcx5rQ IP)zVQ0Q_XhbN~PV diff --git a/users/aspen/secrets/cloudflare.age b/users/aspen/secrets/cloudflare.age index 4f42ee7821653e6aea4ebb5d37fac9b79b091cab..6b3974ec7ab6840164cfd5a612861a755e4d5ac2 100644 GIT binary patch delta 374 zcmX@aJd=5XPQ9g!^EMtx+EOL3`tW@MU2VYo}CfrY+y zc$u$dK~SD2S6PL(Q?6r}NuINIvbJ-2YFJcmTBt`+rN4!9PE>$}b7f*iaH*+fd1EMW>ry6ZoY}LuSIS}v5!kYd8tQoWc?P?1xSX_|?5kb!BMzn`yJrgKhdp;<uu*b_TYhy!PPU^j z$hyF?NUMn8GH2cNqSVCVR0RVQt^%jLh+=;?v%=E!as{{7j!KUB|E`osg-R?a`G7EJd#H?!yd_hYvm zg}3VpG!#DAH(%!a_6s#a3uj)atxdF@=dnvWHg{&DWXXXEz3YR1OnV?9scIR+G~=sR LNyDrfL#O=!ig}uu 
diff --git a/users/aspen/secrets/ddclient-password.age b/users/aspen/secrets/ddclient-password.age index 8d25e3b539bd7e7e29b76c5be354f678dd4e7c27..bc82063c3a286b8719878091062b47b9471f706f 100644 GIT binary patch delta 325 zcmZ3>{DNtMPQABzpqWLuewu4oO1iI4M7U3In4_6_d6jW`Zg6&mTV|00Z?I2RRd{k* zcB!MQzqxTSSD343UZJOFj)_;PQ;2VYg@>z`uZ4+6RcTqUVOUgnYK4z)aBfI>PIh52 zm#(g^f_6ljNpY%co@G*msaJ8Dg-=10wr^xqa7j@?UZk-}V2FP~aGAM#NqR{+*Mpwf zlWeXtXxPagIR9|Yb=i-rSJ~>kU$;lFmwUy9TE1AdlQ+c=&Xe|&md=?{zN&n~p>4uN YYYu@fsp=G9vS5iq?P)cH1O1)c!alV^zxps1zXQq$4tE*v( zNm*D)P?$#`S7B0MT0nMAa+FzFSV>_+s^jJQW2?yU4IOJB8wOuCfg6suH(ACvD3V=iI6!H_Nne zr}ChBW7CYHs4P=2m(a{WE?r$+g}f-o3iBvu$D&|I^UO5;q6{MoQ-5baAJ4F|GLv*K z_X4+&yj<_d+%gwWu4|7KI`kxFxX(CztW=4~Vdoh^_TB!reFxcn84jKQ;FcT0Q@2LN ozG78T(8Qz8^BZNRzqs=8U;3kr>z6-#|0ZoGS6IZt9&k<+08w9x@Bjb+ diff --git a/users/aspen/secrets/secrets.nix b/users/aspen/secrets/secrets.nix index 5bfb1c3eb..778b8ebd6 100644 --- a/users/aspen/secrets/secrets.nix +++ b/users/aspen/secrets/secrets.nix @@ -8,7 +8,7 @@ in { "bbbg.age".publicKeys = [ grfn mugwump bbbg ]; "cloudflare.age".publicKeys = [ grfn mugwump ]; - "ddclient-password.age".publicKeys = [ grfn mugwump ]; + "ddclient-password.age".publicKeys = [ grfn ogopogo ]; "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ]; "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ]; "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ]; diff --git a/users/aspen/secrets/windtunnel-bot-github-token.age b/users/aspen/secrets/windtunnel-bot-github-token.age index daae99958..84e852f4c 100644 --- a/users/aspen/secrets/windtunnel-bot-github-token.age +++ b/users/aspen/secrets/windtunnel-bot-github-token.age 
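Review bot: Replacing `mugwump` with `ogopogo` in the `"ddclient-password.age".publicKeys` list in secrets.nix only changes who can decrypt the re-encrypted file. The earlier ciphertext, which mugwump's host key can still open, stays in repository history. If the move is meant to take this credential away from mugwump, the credential itself has to be rotated at the provider, and the diff cannot show whether that happened. A short comment on the entry would record the outcome, e.g. `# moved to ogopogo; credential rotated: <yes/no, date>`.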
@@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA -VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8 --> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg -mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs --> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0 -d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ --> "0?-grease k}d?h6 |v -7mV6AFUdCMCrkmLVQaWJPQ ---- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8 -~v8&3\.%$ɺtQ͜},BEh w96?U \ No newline at end of file +-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4 +mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA +-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs +u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo +-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4 +X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0 +--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s +Iʵu*1t(/X˕3ȒVGT|@K<})se9`*z \ No newline at end of file diff --git a/users/aspen/system/system/machines/mugwump.nix b/users/aspen/system/system/machines/mugwump.nix index 4cfa11713..1daa92f25 100644 --- a/users/aspen/system/system/machines/mugwump.nix +++ b/users/aspen/system/system/machines/mugwump.nix @@ -9,7 +9,6 @@ with lib; (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix") (depot.path.origSrc + "/users/aspen/xanthous/server/module.nix") (depot.third_party.agenix.src + "/modules/age.nix") - depot.third_party.ddclient.module ]; networking.hostName = "mugwump"; @@ -83,7 +82,6 @@ with lib; in { cloudflare.file = secret "cloudflare"; - ddclient-password.file = secret "ddclient-password"; buildkite-ssh-key = { file = secret "buildkite-ssh-key"; 
@@ -164,18 +162,6 @@ with lib;
 };
 };
- services.deprecated-ddclient = {
- package = depot.third_party.ddclient;
- enable = true;
- domains = [ "home.gws.fyi" ];
- interval = "1d";
- zone = "gws.fyi";
- protocol = "cloudflare";
- username = "root@gws.fyi";
- passwordFile = config.age.secretsDir + "/ddclient-password";
- quiet = true;
- };
-
 security.acme.certs."metrics.gws.fyi" = {
 dnsProvider = "cloudflare";
 credentialsFile = config.age.secretsDir + "/cloudflare";
diff --git a/users/aspen/system/system/machines/ogopogo.nix b/users/aspen/system/system/machines/ogopogo.nix
index 4b4252460..4dbb3d14e 100644
--- a/users/aspen/system/system/machines/ogopogo.nix
+++ b/users/aspen/system/system/machines/ogopogo.nix
@@ -96,4 +96,28 @@
 wal_level = "logical";
 };
 };
+
+ # ddclient
+ age.secrets =
+ let
+ secret = name: depot.users.aspen.secrets."${name}.age";
+ in
+ {
+ ddclient-password.file = secret "ddclient-password";
+ };
+
+ services.ddclient = {
+ enable = true;
+ domains = [ "home.gws.fyi" ];
+ interval = "1d";
+ zone = "gws.fyi";
+ protocol = "cloudflare";
+ username = "root@gws.fyi";
+ passwordFile = config.age.secretsDir + "/ddclient-password";
+ quiet = true;
+ }
+ # TODO(aspen): Remove when upgrading past 4.0.0
+ // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
+ ssl = false;
+ };
 }
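Review bot: The `ssl = false;` override merged into `services.ddclient` in ogopogo.nix turns off the module's TLS option for the client that reads the Cloudflare credential from `passwordFile`, and the TODO gives no reason for it. Whether ddclient's `cloudflare` protocol still uses HTTPS for its API calls under `ssl=no` is not visible from this hunk. If it does not, the credential would be sent in cleartext on every run while the packaged version is below 4.0.0. I would put the reason and the scope in the comment, e.g. `# TODO(aspen): ssl=no works around <upstream issue> in ddclient < 4.0.0; API calls confirmed to stay on HTTPS. Remove when upgrading past 4.0.0`.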