noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2024-09-19 17:04:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

don't enable cloudflare-dyndns unless domain list is non-empty

Browse Source
This commit is contained in:
Noah Masur 2024-03-30 18:03:52 +00:00
parent c4a1c7564c
commit 5e1534451d
No known key found for this signature in database
1 changed files with 41 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
modules/nixos/services/cloudflare.nix
View File

@ -98,52 +98,56 @@ in {
services.transmission.settings.rpc-whitelist = services.transmission.settings.rpc-whitelist =
builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges); builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges);
services.cloudflare-dyndns = { services.cloudflare-dyndns = lib.mkIf
enable = true; ((builtins.length config.services.cloudflare-dyndns.domains) > 0) {
proxied = true; enable = true;
deleteMissing = true; proxied = true;
apiTokenFile = config.secrets.cloudflare-api.dest; deleteMissing = true;
}; apiTokenFile = config.secrets.cloudflare-api.dest;
};
# Wait for secret to exist # Wait for secret to exist to start
systemd.services.cloudflare-dyndns = { systemd.services.cloudflare-dyndns =
after = [ "cloudflare-api-secret.service" ]; lib.mkIf config.services.cloudflare-dyndns.enable {
requires = [ "cloudflare-api-secret.service" ]; after = [ "cloudflare-api-secret.service" ];
}; requires = [ "cloudflare-api-secret.service" ];
};
# Run a second copy of dyn-dns for non-proxied domains # Run a second copy of dyn-dns for non-proxied domains
# Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix # Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix
systemd.services.cloudflare-dyndns-noproxy = { systemd.services.cloudflare-dyndns-noproxy =
description = "CloudFlare Dynamic DNS Client (no proxy)"; lib.mkIf ((builtins.length config.cloudflare.noProxyDomains) > 0) {
after = [ "network.target" "cloudflare-api-secret.service" ]; description = "CloudFlare Dynamic DNS Client (no proxy)";
requires = [ "cloudflare-api-secret.service" ]; after = [ "network.target" "cloudflare-api-secret.service" ];
wantedBy = [ "multi-user.target" ]; requires = [ "cloudflare-api-secret.service" ];
startAt = "*:0/5"; wantedBy = [ "multi-user.target" ];
startAt = "*:0/5";
environment = { environment = {
CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains; CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
}; };
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
DynamicUser = true; DynamicUser = true;
StateDirectory = "cloudflare-dyndns-noproxy"; StateDirectory = "cloudflare-dyndns-noproxy";
EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile; EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
ExecStart = let ExecStart = let
args = [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ] args =
++ (if config.services.cloudflare-dyndns.ipv4 then [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
[ "-4" ] ++ (if config.services.cloudflare-dyndns.ipv4 then
else [ "-4" ]
[ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
[ "-6" ]
else else
[ "-no-6" ]) [ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
++ lib.optional config.services.cloudflare-dyndns.deleteMissing [ "-6" ]
"--delete-missing"; else
[ "-no-6" ])
++ lib.optional config.services.cloudflare-dyndns.deleteMissing
"--delete-missing";
in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}"; in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
};
}; };
};
}; };
} }