feat(aspen/system): Reinstate ddclient, migrate to ogopogo

ddclient is back in nixpkgs and nixos[0], so let's just use that, and
remove the backported package from third_party.

[0] 8a8ec36615

Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48
Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500
Tested-by: BuildkiteCI
Reviewed-by: aspen <root@gws.fyi>
Autosubmit: aspen <root@gws.fyi>

users/aspen/secrets/secrets.nix

@@ -8,7 +8,7 @@ in
 {
   "bbbg.age".publicKeys = [ grfn mugwump bbbg ];
   "cloudflare.age".publicKeys = [ grfn mugwump ];
-  "ddclient-password.age".publicKeys = [ grfn mugwump ];
+  "ddclient-password.age".publicKeys = [ grfn ogopogo ];
   "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ];
   "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ];
   "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ];

users/aspen/secrets/windtunnel-bot-github-token.age

@@ -1,11 +1,9 @@
 age-encryption.org/v1
--> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA
-VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8
--> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg
-mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs
--> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0
-d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ
--> "0?-grease k}d?h6 |v
-7mV6AFUdCMCrkmLVQaWJPQ
---- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8
-~‚v‰8‚&‚ü£¹3\²Òý.»%$¼›Éº°³tòóˆØQ©ˆÀ¨á”Åé¼Íœ}ˆ—ó,BEÇh
w
96”çö?ÓU
+-> ssh-ed25519 CpJBgQ qVlQpHyewtBSfFIdU8GihXC7JhGbcvQ61ZsJC20wSH4
+mZXwiTICzrG+3aCL67cO6cTWMgHkxhDyBi7tZ8l+QMA
+-> ssh-ed25519 LfBFbQ 78NQxflRkRMW5vSP1BEvASSQU2pZAfMwd7T2+6W7NQs
+u0x986pFtnD9ZqfL3KnRrdYS5z9LRUPJhcmc8FQOuGo
+-> ssh-ed25519 GeE7sQ aqFQGCywSimHNbN5si0PzmESUXwROjrpTe/5UdTyYw4
+X2thEJIyOnNUsA746VwqZhH+44XBfCTvh7VOEg/zew0
+--- ndSgjJv5Tel6ovKl+SBdDHZHlszgsEhOY1HHpNDvf1s
+ÒüI¼Êʵu*1ðÄt©(úùºîƒ/œXÀÜË•3È’<C388>ï<12>†VGúÁT|Î@<40>·ÌKó¾<}§)se¹9`í¶*z

users/aspen/system/system/machines/mugwump.nix

@@ -9,7 +9,6 @@ with lib;
     (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
     (depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
     (depot.third_party.agenix.src + "/modules/age.nix")
-    depot.third_party.ddclient.module
   ];
 
   networking.hostName = "mugwump";
@@ -83,7 +82,6 @@ with lib;
     in
     {
       cloudflare.file = secret "cloudflare";
-      ddclient-password.file = secret "ddclient-password";
 
       buildkite-ssh-key = {
         file = secret "buildkite-ssh-key";
@@ -164,18 +162,6 @@ with lib;
     };
   };
 
-  services.deprecated-ddclient = {
-    package = depot.third_party.ddclient;
-    enable = true;
-    domains = [ "home.gws.fyi" ];
-    interval = "1d";
-    zone = "gws.fyi";
-    protocol = "cloudflare";
-    username = "root@gws.fyi";
-    passwordFile = config.age.secretsDir + "/ddclient-password";
-    quiet = true;
-  };
-
   security.acme.certs."metrics.gws.fyi" = {
     dnsProvider = "cloudflare";
     credentialsFile = config.age.secretsDir + "/cloudflare";

users/aspen/system/system/machines/ogopogo.nix

@@ -96,4 +96,28 @@
       wal_level = "logical";
     };
   };
+
+  # ddclient
+  age.secrets =
+    let
+      secret = name: depot.users.aspen.secrets."${name}.age";
+    in
+    {
+      ddclient-password.file = secret "ddclient-password";
+    };
+
+  services.ddclient = {
+    enable = true;
+    domains = [ "home.gws.fyi" ];
+    interval = "1d";
+    zone = "gws.fyi";
+    protocol = "cloudflare";
+    username = "root@gws.fyi";
+    passwordFile = config.age.secretsDir + "/ddclient-password";
+    quiet = true;
+  }
+  # TODO(aspen): Remove when upgrading past 4.0.0
+  // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
+    ssl = false;
+  };
 }