run `ddns-updater' on `vm-synology'

It has a small UI and the configuration with the secrets is managed with `agenix'.
author: Franck Cuny <franck@fcuny.net> 2024-12-15 11:21:54 -0800
committer: Franck Cuny <franck@fcuny.net> 2024-12-15 11:21:54 -0800
commit: e48ba8e6598a7db8b2720f4fb62c683a7d13840e (patch)
tree: 1ce5b925249bebf38a3d3ce98b2f88e2b32556e4 /nix/machines/vm-synology/ddns.nix
parent: add recipe to edit secret (diff)
download: infra-e48ba8e6598a7db8b2720f4fb62c683a7d13840e.tar.gz
1 files changed, 21 insertions, 0 deletions
diff --git a/nix/machines/vm-synology/ddns.nix b/nix/machines/vm-synology/ddns.nix
new file mode 100644
index 0000000..df59793
--- /dev/null
+++ b/nix/machines/vm-synology/ddns.nix
@@ -0,0 +1,21 @@
+{ ... }: {
+  age.secrets.ddns-updater = {
+    file = ../../../secrets/ddns-updater.age;
+    owner = "root";
+    group = "root";
+    mode = "600";
+  };
+
+  # https://github.com/NixOS/nixpkgs/blob/e028379cfb9d92e49120e46045042998dfed87d0/nixos/modules/services/networking/ddns-updater.nix#
+  services.ddns-updater = {
+    enable = true;
+    environment = {
+      RESOLVER_ADDRESS = "8.8.8.8:53";
+      CONFIG_FILEPATH = "%d/config.json";
+    };
+  };
+
+  # https://systemd.io/CREDENTIALS/
+  systemd.services.ddns-updater.serviceConfig.LoadCredential =
+    "config.json:/run/agenix/ddns-updater";
+}
author	Franck Cuny <franck@fcuny.net>	2024-12-15 11:21:54 -0800
committer	Franck Cuny <franck@fcuny.net>	2024-12-15 11:21:54 -0800
commit	e48ba8e6598a7db8b2720f4fb62c683a7d13840e (patch)
tree	1ce5b925249bebf38a3d3ce98b2f88e2b32556e4 /nix/machines/vm-synology/ddns.nix
parent	add recipe to edit secret (diff)
download	infra-e48ba8e6598a7db8b2720f4fb62c683a7d13840e.tar.gz