fix: add second no-proxy dyndns for minecraft and others

Noah Masur 2024-03-30 15:56:58 +00:00
parent f757e4a894
commit bbc529287d
4 changed files with 47 additions and 0 deletions


@ -239,6 +239,7 @@
influxdb = "influxdb.${baseName}"; influxdb = "influxdb.${baseName}";
irc = "irc.${baseName}"; irc = "irc.${baseName}";
metrics = "metrics.${baseName}"; metrics = "metrics.${baseName}";
minecraft = "minecraft.${baseName}";
prometheus = "prom.${baseName}"; prometheus = "prom.${baseName}";
paperless = "paper.${baseName}"; paperless = "paper.${baseName}";
secrets = "vault.${baseName}"; secrets = "vault.${baseName}";


@ -75,6 +75,10 @@
type = lib.types.str; type = lib.types.str;
description = "Hostname for metrics server."; description = "Hostname for metrics server.";
}; };
minecraft = lib.mkOption {
type = lib.types.str;
description = "Hostname for Minecraft server.";
};
paperless = lib.mkOption { paperless = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Hostname for document server (paperless-ngx)."; description = "Hostname for document server (paperless-ngx).";


@ -44,6 +44,8 @@ in {
networking.firewall.allowedTCPPorts = [ publicPort ]; networking.firewall.allowedTCPPorts = [ publicPort ];
cloudflare.noProxyDomains = [ config.hostnames.minecraft ];
## Automatically start and stop Minecraft server based on player connections ## Automatically start and stop Minecraft server based on player connections
# Adapted shamelessly from: # Adapted shamelessly from:
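Review bot: Registering `config.hostnames.minecraft` as an unproxied record publishes the origin's public IP, which the proxied records and the "error if coming from a non-Cloudflare IP" Caddy rule otherwise keep hidden; once that name resolves to the real address, anyone can reach the host directly on any open port, not only `publicPort`. That is unavoidable for a raw TCP game server, but it silently weakens the origin-hiding the rest of the Cloudflare setup relies on, so it deserves a comment next to the assignment, e.g. `# NOTE: unproxied A/AAAA record exposes the origin IP; the Caddy Cloudflare-only filter no longer hides this host`. The enclosing `config` attribute set starts and ends outside the hunk.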


@ -46,6 +46,11 @@ in {
options.cloudflare.enable = lib.mkEnableOption "Use Cloudflare."; options.cloudflare.enable = lib.mkEnableOption "Use Cloudflare.";
options.cloudflare.noProxyDomains = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Domains to use for dyndns without CDN proxying.";
};
config = lib.mkIf config.cloudflare.enable { config = lib.mkIf config.cloudflare.enable {
# Forces Caddy to error if coming from a non-Cloudflare IP # Forces Caddy to error if coming from a non-Cloudflare IP
@ -95,6 +100,7 @@ in {
services.cloudflare-dyndns = { services.cloudflare-dyndns = {
enable = true; enable = true;
proxied = true; proxied = true;
deleteMissing = true;
apiTokenFile = config.secrets.cloudflare-api.dest; apiTokenFile = config.secrets.cloudflare-api.dest;
}; };
@ -104,5 +110,39 @@ in {
requires = [ "cloudflare-api-secret.service" ]; requires = [ "cloudflare-api-secret.service" ];
}; };
# Run a second copy of dyn-dns for non-proxied domains
# Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix
systemd.services.cloudflare-dyndns-noproxy = {
description = "CloudFlare Dynamic DNS Client (no proxy)";
after = [ "network.target" "cloudflare-api-secret.service" ];
requires = [ "cloudflare-api-secret.service" ];
wantedBy = [ "multi-user.target" ];
startAt = "*:0/5";
environment = {
CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
};
serviceConfig = {
Type = "simple";
DynamicUser = true;
StateDirectory = "cloudflare-dyndns-noproxy";
EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
ExecStart = let
args = [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
++ (if config.services.cloudflare-dyndns.ipv4 then
[ "-4" ]
else
[ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
[ "-6" ]
else
[ "-no-6" ])
++ lib.optional config.services.cloudflare-dyndns.deleteMissing
"--delete-missing";
in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
};
};
}; };
} }
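Review bot: `cloudflare.noProxyDomains` is declared without a `default`, yet the new `cloudflare-dyndns-noproxy` service reads it unconditionally inside the `cloudflare.enable` block, so any host that enables Cloudflare without importing a module that sets the list (in this commit only the Minecraft module does) fails evaluation with an undefined-option error; add `default = [ ];` to the option. With an empty default the timer would still launch `cloudflare-dyndns` with an empty `CLOUDFLARE_DOMAINS` every five minutes, which presumably fails each run, so guard the unit with `systemd.services.cloudflare-dyndns-noproxy = lib.mkIf (config.cloudflare.noProxyDomains != [ ]) {`. Separately, the new `deleteMissing = true` on the proxied instance (mirrored as `--delete-missing` here) means, if I read the upstream flag correctly, that a transient failure to detect a public IPv4 or IPv6 address deletes the corresponding records instead of leaving them untouched; confirm that is intended before relying on it for the CDN-fronted hostnames. The second instance is unproxied only because it omits `--proxied`, which is easy to miss when the service is otherwise a copy of the upstream module; a one-line comment such as `# no --proxied flag: these records point straight at the origin` would make that explicit.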