random test

2025-01-19 15:11:59 +01:00 · 2025-01-19 15:11:59 +01:00 · 700bca41c3
commit 700bca41c3
parent 03def204c7
8 changed files with 254 additions and 51 deletions
--- a/modules/networking/caddy.nix
+++ b/modules/networking/caddy.nix
@ -28,29 +28,27 @@ in
      ];
    };

-    # claudflareApiKeyFile = lib.mkOption {
-    #   default = "";
-    #   type = lib.types.str;
-    #   description = ''
-    #     Cloudflare API key file
-    #   '';
-    # };
+    dynamicdnsDomains = lib.mkOption {
+      type = lib.types.listOf (lib.types.attrsOf lib.types.str);
+      description = ''
+        A list of domains to update with the dynamicdns plugin.
+      '';
+      default = [
+        {
+          domain = "example.com";
+          cloudflareApiEnvName = "CLOUDFLARE_API_TOKEN_MY_DOMAIN";
+        }
+      ];
+    };

-    # domain = lib.mkOption {
-    #   default = "example.com";
-    #   type = lib.types.str;
-    #   description = ''
-    #     The domain where Caddy is reachable
-    #   '';
-    # };
-
-    # email = lib.mkOption {
-    #   default = "user@domain.com";
-    #   type = lib.types.str;
-    #   description = ''
-    #     Email for Certbot
-    #   '';
-    # };
+    configEnvFile = lib.mkOption {
+      type = lib.types.path;
+      description = ''
+        Path to the environment file that contains the secrets like Cloudflare API key.
+        In order to use the dynamicdns plugin, you need to set "cloudflareApiEnvName" for each domain in the dynamicdnsDomains list.
+      '';
+      default = "";
+    };

  };

@ -79,26 +77,46 @@ in
        }) cfg.domainsList
      );

-      # certs."${cfg.domain}" = {
-      #   group = config.services.caddy.group;
-
-      #   domain = "${cfg.domain}";
-      #   extraDomainNames = [ "*.${cfg.domain}" ];
-      #   dnsProvider = "cloudflare";
-      #   dnsResolver = "1.1.1.1:53";
-      #   dnsPropagationCheck = true;
-      #   environmentFile = cfg.claudflareApiKeyFile;
-      # };
    };

    services.caddy = {
      enable = true;
-      globalConfig = ''
-        admin :2024
-        servers {
-          metrics
-        }
-      '';
+
+      # Waiting for https://github.com/NixOS/nixpkgs/issues/14671 to be released
+      package = pkgs.callPackage ../../packages/caddy.nix {
+        externalPlugins = [
+          {
+            name = "cloudflare";
+            repo = "github.com/caddy-dns/cloudflare";
+            version = "master";
+          }
+          {
+            name = "dynamicdns";
+            repo = "github.com/mholt/caddy-dynamicdns";
+            version = "7c818ab3fc3485a72a346f85c77810725f19f9cf";
+          }
+        ];
+        vendorHash = "sha256-AWKokxGG2iCouhet5cPiKTuL9g9RQihkBRReU1nw9jc=";
+      };
+
+      globalConfig =
+        ''
+          admin :2024
+          servers {
+            metrics
+          }
+        ''
+        + lib.concatStringsSep "\n" (
+          map (dynamicdnsDomain: ''
+            dynamic_dns {
+              provider cloudflare {env.${dynamicdnsDomain.cloudflareApiEnvName}}
+              domains {
+                ${dynamicdnsDomain.domain} @
+              }
+              dynamic_domains
+            }
+          '') cfg.dynamicdnsDomains
+        );

      extraConfig = lib.concatStringsSep "\n" (
        map (
@ -116,21 +134,11 @@ in
        ) cfg.domainsList
      );

-      # extraConfig =
-      #   let
-      #     certPath = config.security.acme.certs."${cfg.domain}".directory;
-      #   in
-      #   ''
-      #     (cloudflare) {
-      #       tls ${certPath}/cert.pem ${certPath}/key.pem {
-      #         protocols tls1.3
-      #       }
-      #     }
-      #   '';
    };

    systemd.services.caddy.serviceConfig = {
      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
+      EnvironmentFile = cfg.configEnvFile;
    };

    # By default, the module create a custom user but it lacks permission to read caddy files
--- a/modules/networking/ddclient.nix
+++ b/modules/networking/ddclient.nix
@ -0,0 +1,27 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.networking.ddclient;
+in
+{
+  options.my.networking.ddclient = {
+    enable = lib.mkEnableOption "Enable DDClient dynamic DNS client";
+    configFile = lib.mkOption {
+      type = lib.types.path;
+      default = "/etc/ddclient/ddclient.conf";
+      description = "Path to the ddclient configuration file (use agenix path)";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.ddclient = {
+      enable = true;
+      configFile = cfg.configFile;
+    };
+  };
+
+}
--- a/modules/networking/default.nix
+++ b/modules/networking/default.nix
@ -2,6 +2,7 @@
  imports = [
    ./avahi.nix
    ./caddy.nix
+    ./ddclient.nix
    ./nas-samba-share.nix
    ./tailscale.nix
  ];
--- a/modules/services/nextcloud.nix
+++ b/modules/services/nextcloud.nix
@ -74,7 +74,10 @@ in
            overwriteProtocol = "https";
            defaultPhoneRegion = "IT";
            trusted_proxies = [ "192.168.1.150" ];
-            trusted_domains = [ "cloud.${cfg.proxy.domain}" ];
+            trusted_domains = [
+              "cloud.${cfg.proxy.domain}"
+              "nextcloud.internal"
+            ];
            maintenance_window_start = 1;
            enabledPreviewProviders = [
              "OC\\Preview\\BMP"