128 lines
3.5 KiB
Nix
128 lines
3.5 KiB
Nix
{ config, pkgs, lib, ... }:
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.fudo.client.dns;
|
|
|
|
ssh-key-files =
|
|
map (host-key: host-key.path) config.services.openssh.hostKeys;
|
|
|
|
ssh-key-args = concatStringsSep " " (map (file: "-f ${file}") ssh-key-files);
|
|
|
|
in {
|
|
options.fudo.client.dns = {
|
|
enable = mkEnableOption "Enable Fudo DynDNS Client.";
|
|
|
|
ipv4 = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = "Report host external IPv4 address to Fudo DynDNS server.";
|
|
};
|
|
|
|
ipv6 = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = "Report host external IPv6 address to Fudo DynDNS server.";
|
|
};
|
|
|
|
sshfp = mkOption {
|
|
type = types.bool;
|
|
default = true;
|
|
description = "Report host SSH fingerprints to the Fudo DynDNS server.";
|
|
};
|
|
|
|
domain = mkOption {
|
|
type = types.str;
|
|
description = "Domain under which this host is registered.";
|
|
default = "fudo.link";
|
|
};
|
|
|
|
server = mkOption {
|
|
type = types.str;
|
|
description = "Backplane DNS server to which changes will be reported.";
|
|
default = "backplane.fudo.org";
|
|
};
|
|
|
|
password-file = mkOption {
|
|
type = types.str;
|
|
description = "File containing host password for backplane.";
|
|
example = "/path/to/secret.passwd";
|
|
};
|
|
|
|
frequency = mkOption {
|
|
type = types.str;
|
|
description =
|
|
"Frequency at which to report the local IP(s) to backplane.";
|
|
default = "*:0/15";
|
|
};
|
|
|
|
user = mkOption {
|
|
type = types.str;
|
|
description =
|
|
"User as which to run the client script (must have access to password file).";
|
|
default = "backplane-dns-client";
|
|
};
|
|
|
|
external-interface = mkOption {
|
|
type = with types; nullOr str;
|
|
description =
|
|
"Interface with which this host communicates with the larger internet.";
|
|
default = null;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
users.users = {
|
|
"${cfg.user}" = {
|
|
isSystemUser = true;
|
|
createHome = true;
|
|
home = "/var/home/${cfg.user}";
|
|
};
|
|
};
|
|
|
|
systemd = {
|
|
timers.backplane-dns-client = {
|
|
enable = true;
|
|
description = "Report local IP addresses to Fudo backplane.";
|
|
partOf = [ "backplane-dns-client.service" ];
|
|
wantedBy = [ "timers.target" ];
|
|
requires = [ "network-online.target" ];
|
|
timerConfig = { OnCalendar = cfg.frequency; };
|
|
};
|
|
|
|
services.backplane-dns-client-pw-file = {
|
|
enable = true;
|
|
requiredBy = [ "backplane-dns-client.services" ];
|
|
reloadIfChanged = true;
|
|
serviceConfig = { Type = "oneshot"; };
|
|
script = ''
|
|
chmod 400 ${cfg.password-file}
|
|
chown ${cfg.user} ${cfg.password-file}
|
|
'';
|
|
};
|
|
|
|
services.backplane-dns-client = {
|
|
enable = true;
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
StandardOutput = "journal";
|
|
User = cfg.user;
|
|
ExecStart = pkgs.writeShellScript "start-backplane-dns-client.sh" ''
|
|
${pkgs.backplane-dns-client}/bin/backplane-dns-client ${
|
|
optionalString cfg.ipv4 "-4"
|
|
} ${optionalString cfg.ipv6 "-6"} ${
|
|
optionalString cfg.sshfp ssh-key-args
|
|
} ${
|
|
optionalString (cfg.external-interface != null)
|
|
"--interface=${cfg.external-interface}"
|
|
} --domain=${cfg.domain} --server=${cfg.server} --password-file=${cfg.password-file}
|
|
'';
|
|
};
|
|
# Needed to generate SSH fingerprinst
|
|
path = [ pkgs.openssh ];
|
|
reloadIfChanged = true;
|
|
};
|
|
};
|
|
};
|
|
}
|