felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

domeneshop-dyndns: don't put credentials in the command line options

Browse Source
This commit is contained in:
Felix Albrigtsen
2024-09-08 02:32:11 +02:00
parent 7cd7596d66
commit 50dbcfeceb
5 changed files with 16 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
common/domeneshop-dyndns.nix
View File

@@ -11,9 +11,9 @@ in {
description = "Domain name to configure";
};
environmentFile = lib.mkOption {
netrcFile = lib.mkOption {
type = lib.types.path;
description = "Path to the file that sets DDNS_TOKEN and DDNS_SERET from https://www.domeneshop.no/admin?view=api";
description = "Path to the file that contains `machine api.domeneshop.no login <DDNS_TOKEN> password <DDNS_SECRET>` from https://domene.shop/admin?view=api";
};
startAt = lib.mkOption {
@@ -25,7 +25,7 @@ in {
config = lib.mkIf cfg.enable {
systemd.services.domeneshop-dyndns = {
serviceConfig.EnvironmentFile = cfg.environmentFile;
serviceConfig.LoadCredential = "netrc:${cfg.netrcFile}";
startAt = cfg.startAt;
script = ''
@@ -35,7 +35,7 @@ in {
if [[ "$NEW_IP" != "$OLD_IP" ]]; then
echo "Old IP ($OLD_IP) does not match new IP ($NEW_IP), updating..."
${lib.getExe pkgs.curl} --silent "https://$DDNS_TOKEN:$DDNS_SECRET@api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP"
${lib.getExe pkgs.curl} --silent --netrc-file "$CREDENTIALS_DIRECTORY/netrc" "https://api.domeneshop.no/v0/dyndns/update?hostname=$DNSNAME&myip=$NEW_IP"
else
echo "Old IP ($OLD_IP) matches new IP ($NEW_IP), exiting..."
fi