
Commit e1a629b

committed
fix: ddns on nwk2 ddns on cf
Signed-off-by: Anthony Rabbito <[email protected]>
1 parent aa6e427 commit e1a629b


4 files changed

+174
-28
lines changed


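--- a/nixos/hosts/fw1-nwk2/default.nix
+++ b/nixos/hosts/fw1-nwk2/default.nix
@@ -1,4 +1,10 @@
-{ lib, inputs, pkgs, ... }:
+{
+lib,
+inputs,
+pkgs,
+config,
+...
+}:
 let
 zoneSerial = toString inputs.self.lastModified;
 in
@@ -10,7 +16,7 @@ in
 ];
 networking.hostName = "fw1";
 networking.domain = "nwk2.rabbito.tech";
-services.cfdyndns.records = [
+services.cloudflare-dyndns.domains = [
 "fw-1.nwk2.rabbito.tech"
 "nwk2.rabbito.tech"
 ];
@@ -34,11 +40,56 @@ in
 '';
 
 networking.interfaces = {
-vlan8 = { ipv4 = { addresses = [{ address = "192.168.15.1"; prefixLength = 24; }]; }; };
-vlan10 = { ipv4 = { addresses = [{ address = "192.168.7.1"; prefixLength = 24; }]; }; };
-vlan99 = { ipv4 = { addresses = [{ address = "10.30.99.1"; prefixLength = 24; }]; }; };
-vlan100 = { ipv4 = { addresses = [{ address = "192.168.11.1"; prefixLength = 24; }]; }; };
-vlan101 = { ipv4 = { addresses = [{ address = "192.168.5.1"; prefixLength = 24; }]; }; };
+vlan8 = {
+ipv4 = {
+addresses = [
+{
+address = "192.168.15.1";
+prefixLength = 24;
+}
+];
+};
+};
+vlan10 = {
+ipv4 = {
+addresses = [
+{
+address = "192.168.7.1";
+prefixLength = 24;
+}
+];
+};
+};
+vlan99 = {
+ipv4 = {
+addresses = [
+{
+address = "10.30.99.1";
+prefixLength = 24;
+}
+];
+};
+};
+vlan100 = {
+ipv4 = {
+addresses = [
+{
+address = "192.168.11.1";
+prefixLength = 24;
+}
+];
+};
+};
+vlan101 = {
+ipv4 = {
+addresses = [
+{
+address = "192.168.5.1";
+prefixLength = 24;
+}
+];
+};
+};
 };
 services.tailscale.extraUpFlags = [
 "--advertise-routes=192.168.11.0/24,10.30.99.0/24,192.168.7.0/24"
@@ -162,21 +213,116 @@ in
 zones = {
 "nwk2.rabbito.tech." = {
 master = true;
-file = pkgs.writeText "nwk2.rabbito.tech" (lib.strings.concatStrings [
-''
-$ORIGIN nwk2.rabbito.tech.
-$TTL 86400
-@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
-${zoneSerial} ; serial number
-3600 ; refresh
-900 ; retry
-1209600 ; expire
-1800 ; ttl
-)
-IN NS fw1.nwk2.rabbito.tech.
-fw1 IN A 10.30.99.1
-''
-]);
+file = pkgs.writeText "nwk2.rabbito.tech" (
+lib.strings.concatStrings [
+''
+$ORIGIN nwk2.rabbito.tech.
+$TTL 86400
+@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
+${zoneSerial} ; serial number
+3600 ; refresh
+900 ; retry
+1209600 ; expire
+1800 ; ttl
+)
+IN NS fw1.nwk2.rabbito.tech.
+fw1 IN A 10.30.99.1
+''
+]
+);
+};
+"11.168.192.in-addr.arpa." = {
+master = true;
+extraConfig = ''
+allow-update { key "dhcp-update-key"; };
+journal "${config.services.bind.directory}/db.11.168.192.in-addr.arpa.jnl";
+'';
+file = pkgs.writeText "11.168.192.in-addr.arpa" (
+lib.strings.concatStrings [
+''
+$ORIGIN 11.168.192.in-addr.arpa.
+$TTL 86400
+@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
+${zoneSerial} ; serial number
+3600 ; refresh
+900 ; retry
+1209600 ; expire
+1800 ; ttl
+)
+IN NS fw1.nwk2.rabbito.tech.
+''
+]
+);
+};
+"7.168.192.in-addr.arpa." = {
+master = true;
+extraConfig = ''
+allow-update { key "dhcp-update-key"; };
+journal "${config.services.bind.directory}/db.7.168.192.in-addr.arpa.jnl";
+'';
+file = pkgs.writeText "7.168.192.in-addr.arpa" (
+lib.strings.concatStrings [
+''
+$ORIGIN 7.168.192.in-addr.arpa.
+$TTL 86400
+@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
+${zoneSerial} ; serial number
+3600 ; refresh
+900 ; retry
+1209600 ; expire
+1800 ; ttl
+)
+IN NS fw1.nwk2.rabbito.tech.
+''
+]
+);
+};
+"5.58.192.in-addr.arpa." = {
+master = true;
+extraConfig = ''
+allow-update { key "dhcp-update-key"; };
+journal "${config.services.bind.directory}/db.5.168.192.in-addr.arpa.jnl";
+'';
+file = pkgs.writeText "5.168.192.in-addr.arpa" (
+lib.strings.concatStrings [
+''
+$ORIGIN 5.168.192.in-addr.arpa.
+$TTL 86400
+@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
+${zoneSerial} ; serial number
+3600 ; refresh
+900 ; retry
+1209600 ; expire
+1800 ; ttl
+)
+IN NS fw1.nwk2.rabbito.tech.
+''
+]
+);
+};
+"99.30.10.in-addr.arpa." = {
+master = true;
+extraConfig = ''
+allow-update { key "dhcp-update-key"; };
+journal "${config.services.bind.directory}/db.99.30.10.in-addr.arpa.jnl";
+'';
+file = pkgs.writeText "99.30.10.in-addr.arpa" (
+lib.strings.concatStrings [
+''
+$ORIGIN 99.30.10.in-addr.arpa.
+$TTL 86400
+@ IN SOA nwk2.rabbito.tech. admin.rabbito.tech (
+${zoneSerial} ; serial number
+3600 ; refresh
+900 ; retry
+1209600 ; expire
+1800 ; ttl
+)
+IN NS fw1.nwk2.rabbito.tech.
+1 IN PTR fw1.nwk2.rabbito.tech.
+''
+]
+);
 };
 };
 };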
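Review bot: The fourth reverse zone in the last hunk is keyed `"5.58.192.in-addr.arpa."`, while its journal path, zone file name and `$ORIGIN` all say `5.168.192.in-addr.arpa`. As written, BIND is declared authoritative for a name that does not match vlan101 (192.168.5.1/24), and the SOA/NS records in the file fall outside the declared zone; the key should read `"5.168.192.in-addr.arpa." = {`. Each new zone also uses `allow-update { key "dhcp-update-key"; };`, which lets that key change any record in the zone, SOA and NS included; if only PTR records are meant to be written dynamically, `update-policy { grant dhcp-update-key zonesub PTR; };` narrows it. The zone files come from `pkgs.writeText`, so presumably they are read-only and get a new `${zoneSerial}` on every rebuild; it is worth confirming that journal replay against a regenerated file behaves as intended. The enclosing `services.bind` block starts outside the hunk, so the key declaration itself cannot be checked from here.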

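--- a/nixos/hosts/fw1-nwk3/default.nix
+++ b/nixos/hosts/fw1-nwk3/default.nix
@@ -16,7 +16,7 @@ in
 ];
 networking.hostName = "fw1";
 networking.domain = "nwk3.rabbito.tech";
-services.cfdyndns.records = [
+services.cloudflare-dyndns.domains = [
 "fw-1.nwk3.rabbito.tech"
 "nwk3.rabbito.tech"
 ];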

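--- a/nixos/personalities/server/router/ddns.nix
+++ b/nixos/personalities/server/router/ddns.nix
@@ -17,7 +17,7 @@ in
 owner = config.systemd.services.kea-dhcp-ddns-server.serviceConfig.User;
 group = config.systemd.services.kea-dhcp-ddns-server.serviceConfig.User;
 };
-services.cfdyndns = {
+services.cloudflare-dyndns = {
 enable = true;
 apiTokenFile = config.sops.secrets.cfApiToken.path;
 };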
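Review bot: `apiTokenFile = config.sops.secrets.cfApiToken.path;` is now read by a different module, and nothing beside it records what the file must contain or which user may read it. The two modules may not agree on the format (a bare token versus a `CLOUDFLARE_API_TOKEN=<token>` environment line, depending on the nixpkgs revision). The re-encrypted `cfApiToken` entry in secrets/users.yaml suggests the content did change. A comment such as `# format must match services.cloudflare-dyndns; keep the token scoped to DNS edit on this zone` would capture that for the next edit. The `sops.secrets.cfApiToken` declaration lies outside the hunk, so its owner and mode cannot be confirmed from here.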

Diff for: secrets/users.yaml

+4-4
@@ -4,7 +4,7 @@ chromium-client-id: ENC[AES256_GCM,data:Rs3oOBRT9Efrp805fGzRGOJ6WhJAd1TApCiWYnBq
44
chromium-client-secret: ENC[AES256_GCM,data:CrQUBfe8lZHdYkCbi7NfBUqqTK2BBe518OejzdWfJ3ozCy0=,iv:6bfQeF/6dggeMIssfAsdENHWSug81g4gswxao0sSveQ=,tag:BwUK/DQ4JIiBtCkV8MkZ5Q==,type:str]
55
tailscale-auth-key: ENC[AES256_GCM,data:bZlL8FYKJMOfj1RWHZFIgNkGY5G4qwBohZKf9aavYOelrIDjWb6kot3eLhGR6S3cJt+/pzFv75143AKrUNc=,iv:I3BAY57o8Bl7BIqRXzEmjDvNg1j6EPKS6KlDn0WXDLU=,tag:EP3KB3QOgqAVO8XXQ5Twog==,type:str]
66
nixbuild-ssh-key: ENC[AES256_GCM,data:CJoF+QvIYYBF82iRwqfFsvyTaGZf4zgZYpnppA9jYij6lGWee3LGA0lDp05oG6h3QY5Yrp8XB8lx4WUzALWHjYn9cY+762PxfRO8SwQYx1oJvfP8zZv02WgzctbyxHNNP3bn4yC1YyWDyvWTCU9uQgL+kWOjNpfSBqGJ7rGAuF+XypgmgFMbly4sl8Z3SbICFNVWQOCloemHS/kN2hNu+KlaWgoAPbgAWmLnYb9qndkQKiwapxfi0J4KyU/ryqXW98a+ig89e8u+mJmA8Q9p6XwkEYZ9DAqHg95dqPgjJYgrlmpy4dJ8UHpdFACD8cWQEu11n2O9dIy5pw/YpF89n2toFgDX1Kn/4FMXVaBg/uzJfF9IaOLLOEnqMTXrin+2DWmFDnS+/9w0ybcDPGhIL3+d9xSN8cWgYIB4dr2AVBajbwF3PezczWTg+UIC6fyT1QQAXkusL07pcntOy0g+fMkCXBYLTu84QPmXpRXJVdBDF2v3TF9gtpfc1tpOW0LWc+U0x0m5WALNUAJJ1MXk,iv:UmwIuZIvndyzPQvsm/3M+EwA3gyfyLxZfFcKK6tkkVg=,tag:hIDXKv3E+7SPDBPwSmyV4Q==,type:str]
7-
cfApiToken: ENC[AES256_GCM,data:H58ODWo3uRm/V4MuNRXV/LxGq6eSX/Og+k95wyV3cLLy9GCVPJP/AA==,iv:z71Fyl6XjcOwl0mwu/sycYm6g3ZZ8HijeeILWXUwUII=,tag:BIXwlUfI7CywLga4+zF87g==,type:str]
7+
cfApiToken: ENC[AES256_GCM,data:Ajy7NlkGlHeOoHN3xfl7Eo/mUNUYRGYQJrD/kTbWkLU0QxowGEJPO8oGaB9NrOhuT6R0pAuAugTWj+/Yxg==,iv:MmGlH8xw1Buy9w7mJlGG9/RbLgB36iCMc5/0uHz0qwA=,tag:0uSCWejKa4mn1yt+vGn88g==,type:str]
88
ddns-tsig-key: ENC[AES256_GCM,data:QstpuXoJUplS4BxvRmGIbGBk0+uiLtbyE5XV3CcCcJd6xz7CCIOpsb/YR7w=,iv:2eEL8mD49o9+Qd0VPGAkkudBZOv5YV9h5vuHnugJ8BY=,tag:nurtUr3nfPOmwAExybJsNQ==,type:str]
99
bind-ddns-tsig-file: ENC[AES256_GCM,data:VoZh19vnpVxad/PBJdIv8axpZfZZA/txPNESwwRk23YrJ2aSJ+I19LbLPPniEryFSUchyaDocgeLy0vTC/FElc2IQQoj4oEX8sUeskL6Mi57WsZYLAQfIVEr1R0vyja6f+XOUSwmI/suU3AHDhmkSu0=,iv:cUKG+55PQiaGYm3056ri5OsG10YFJMWyC9+rPg6e7DM=,tag:J2PNelxamFMaUTbfN4dWcw==,type:str]
1010
sops:
@@ -94,8 +94,8 @@ sops:
9494
aXVheUlzK3prQWR5bytPcmlWSC9qOFEKmLiEcU0rCyi7HnBlgG/WZESnqC8erjKa
9595
jNXj+pFjHW8bq6DlC8lclufntBiu7GYyX73SAE3Tpa9vMTyooGlv0g==
9696
-----END AGE ENCRYPTED FILE-----
97-
lastmodified: "2025-01-13T01:37:56Z"
98-
mac: ENC[AES256_GCM,data:8oW84vt/OyouzxAut+LD40tzfinoyXBMELsXuzDiQOPPXsj/GHf4kgAI0lFgjswGM6z8IWE1yvgpMryW59qTulbWnjfC753PQnmBvD2YGB1ASGq3OulursIGGtksWeUC3KDKcg4iAWeqXI6u7tTc+4hi5MTi7nPmQbjn1UrxZso=,iv:+r1IgqsV5402DU/ZmHTxgsS3wc0quSMfgyXGM/hScZE=,tag:nPE9vfoB94KJQcVQh+TeWQ==,type:str]
97+
lastmodified: "2025-01-19T15:26:04Z"
98+
mac: ENC[AES256_GCM,data:qU3HChCRp70wbNNfmQtkFoMWNTZQmDFVTATtOMU9PhBUBHF4Kxnyg5qnXgpfhyYtpbjs1kNFd+Gh5IsvRwI8GccsL+Q6dd1UT148ajpnBLNNZnRNS7kLK9Crh1Y0ganPul0WBHWJspzyyNBfRrigk4LMyoBXGnei6/zeRDJMvV4=,iv:BDbhV5kHxydzla3//HTNYllpTDH06CyJbsxYWLhnTHU=,tag:wSBlFyXFWOI8m+xdg8rPpA==,type:str]
9999
pgp: []
100100
unencrypted_suffix: _unencrypted
101-
version: 3.9.2
101+
version: 3.9.3
