feat(aspen/system): Reinstate ddclient, migrate to ogopogo

ddclient is back in nixpkgs and nixos[0], so let's just use that, and remove the backported package from third_party. [0] 8a8ec36615 Change-Id: Ib14ab68158a6799c78d71e3bea63869ec9fc1a48 Reviewed-on: https://cl.tvl.fyi/c/depot/+/12500 Tested-by: BuildkiteCI Reviewed-by: aspen <root@gws.fyi> Autosubmit: aspen <root@gws.fyi>
2024-09-21 11:37:43 -04:00 · 2024-09-21 11:37:43 -04:00 · bf4f1a43e5
commit bf4f1a43e5
parent 0320d778d9
12 changed files with 33 additions and 312 deletions
--- a/users/aspen/system/system/machines/mugwump.nix
+++ b/users/aspen/system/system/machines/mugwump.nix
@ -9,7 +9,6 @@ with lib;
    (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix")
    (depot.path.origSrc + "/users/aspen/xanthous/server/module.nix")
    (depot.third_party.agenix.src + "/modules/age.nix")
-    depot.third_party.ddclient.module
  ];

  networking.hostName = "mugwump";
@ -83,7 +82,6 @@ with lib;
    in
    {
      cloudflare.file = secret "cloudflare";
-      ddclient-password.file = secret "ddclient-password";

      buildkite-ssh-key = {
        file = secret "buildkite-ssh-key";
@ -164,18 +162,6 @@ with lib;
    };
  };

-  services.deprecated-ddclient = {
-    package = depot.third_party.ddclient;
-    enable = true;
-    domains = [ "home.gws.fyi" ];
-    interval = "1d";
-    zone = "gws.fyi";
-    protocol = "cloudflare";
-    username = "root@gws.fyi";
-    passwordFile = config.age.secretsDir + "/ddclient-password";
-    quiet = true;
-  };
-
  security.acme.certs."metrics.gws.fyi" = {
    dnsProvider = "cloudflare";
    credentialsFile = config.age.secretsDir + "/cloudflare";
--- a/users/aspen/system/system/machines/ogopogo.nix
+++ b/users/aspen/system/system/machines/ogopogo.nix
@ -96,4 +96,28 @@
      wal_level = "logical";
    };
  };
+
+  # ddclient
+  age.secrets =
+    let
+      secret = name: depot.users.aspen.secrets."${name}.age";
+    in
+    {
+      ddclient-password.file = secret "ddclient-password";
+    };
+
+  services.ddclient = {
+    enable = true;
+    domains = [ "home.gws.fyi" ];
+    interval = "1d";
+    zone = "gws.fyi";
+    protocol = "cloudflare";
+    username = "root@gws.fyi";
+    passwordFile = config.age.secretsDir + "/ddclient-password";
+    quiet = true;
+  }
+  # TODO(aspen): Remove when upgrading past 4.0.0
+  // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") {
+    ssl = false;
+  };
 }