test: ddns

jz8132543 · Feb 23, 2024 · 3e880f1 · 3e880f1
1 parent d49b3cc
commit 3e880f1
Show file tree

Hide file tree

Showing 7 changed files with 242 additions and 7 deletions.
diff --git a/lib/data/data.json b/lib/data/data.json
@@ -68,6 +68,15 @@
       "endpoints_v6": [],
       "host_indices": [1]
     },
+    "isk": {
+      "dn42_addresses_v4": ["172.23.224.102"],
+      "dn42_addresses_v6": ["fd72:db83:badd:6::1"],
+      "dn42_v6_prefixes": ["fd72:db83:badd:6::/64"],
+      "endpoints": [],
+      "endpoints_v4": [],
+      "endpoints_v6": [],
+      "host_indices": [6]
+    },
     "surface": {
       "dn42_addresses_v4": ["172.23.224.126"],
       "dn42_addresses_v6": ["fd72:db83:badd:1e::1"],

diff --git a/nixos/hosts/isk/default.nix b/nixos/hosts/isk/default.nix
@@ -9,11 +9,13 @@
     ++ [
       ./hardware-configuration.nix
       ./_steam
+      nixosModules.services.ddns
       nixosModules.services.traefik
       nixosModules.services.postgres
+      nixosModules.services.derp
       (import nixosModules.services.matrix {PG = "127.0.0.1";})
     ];
   environment.isNAT = true;
   environment.isCN = true;
-  # networking.firewall.enable = lib.mkForce false;
+  networking.firewall.enable = lib.mkForce false;
 }
diff --git a/nixos/hosts/isk/hardware-configuration.nix b/nixos/hosts/isk/hardware-configuration.nix
@@ -9,5 +9,24 @@
   boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
   boot.kernelModules = ["kvm-intel"];
   utils.disk = "/dev/sda";
+  networking = {
+    nat = {
+      enable = true;
+      # dmzHost = "192.168.1.111";
+    };
+    interfaces.enp6s18 = {
+      useDHCP = true;
+      ipv4.addresses = [
+        {
+          address = "192.168.1.111";
+          prefixLength = 24;
+        }
+      ];
+    };
+    defaultGateway = {
+      address = "192.168.1.1";
+      interface = "enp6s18";
+    };
+  };
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 }
diff --git a/nixos/modules/services/ddns.nix b/nixos/modules/services/ddns.nix
@@ -0,0 +1,17 @@
+{config, ...}: {
+  sops.secrets = {
+    "traefik/cloudflare_token" = {};
+  };
+  services.ddclient = {
+    enable = true;
+    interval = "5min";
+    username = "token";
+    passwordFile = config.sops.secrets."traefik/cloudflare_token".path;
+    protocol = "cloudflare";
+    zone = config.networking.domain;
+    domains = [config.networking.fqdn];
+    ssl = true;
+    use = "web,web=ifconfig.me/ip";
+    verbose = true;
+  };
+}
diff --git a/secrets/terraform-outputs.yaml b/secrets/terraform-outputs.yaml
@@ -142,6 +142,29 @@ hosts:
               host_indices:
                 - ENC[AES256_GCM,data:/4TMcQ==,iv:IYj37kAXLyjB0q59XFz94czAjelZgBoFILxR7hAdA1g=,tag:1rqDWB3Q8WRfAVO7ou0cMg==,type:str]
                 - ENC[AES256_GCM,data:MbhLSUI+,iv:/UefZ39ju2o3NMiOrYBPzG22v/DLqppsXHrDj7YeMF8=,tag:+cAMjbtmr/mU1aLmzdawtA==,type:str]
+          isk:
+            - ENC[AES256_GCM,data:+iMIkxro,iv:kY0rpocYNKiv8/XSMTGhSvnYpAKoKCMhrNTbL950bzA=,tag:wdatGea8vGimQwaXdKVyBA==,type:str]
+            - dn42_addresses_v4:
+                - ENC[AES256_GCM,data:kgqe15Q=,iv:bl8GLUrzOBy9VE1VkUvRdJj3izO99g0TNKyWTqcb3/Y=,tag:0ufyvSvughXAw4LvKjt+zg==,type:str]
+                - - ENC[AES256_GCM,data:m6YbdZSv,iv:xNaPI3xdO1Zwx+wRrv6Hbl9EzsAS6kQaVyxIf454s/Y=,tag:ZsNJr4DRugKGIouy6fk7EA==,type:str]
+              dn42_addresses_v6:
+                - ENC[AES256_GCM,data:kYkvxIo=,iv:Gt0/HAIV8Dzj8aeo6w7WEm0Q5+BtJA4sHTQORl288ZQ=,tag:ETp0y4gHC2mHqLhxmpXT4Q==,type:str]
+                - - ENC[AES256_GCM,data:Tso5+vzf,iv:8iHyshbecWncQAPpfcftY14/ksRDFmARQ0GLDCKp88k=,tag:pBPsiBWwfSh1cglE4ynb1g==,type:str]
+              dn42_v6_prefixes:
+                - ENC[AES256_GCM,data:G+2IQT8=,iv:p+zJVhmGzVzTP2mwhY+iLx+hdxQfUc5sze90LCQQV1k=,tag:egV7xfk8lEPvfTUM8Yb9Ug==,type:str]
+                - - ENC[AES256_GCM,data:1g5j4iEH,iv:G4h8Y4i/bRkq1LeDid7pMcNmd7QueF/40hcI2ZtXr7M=,tag:s3P3BWiENZNWA+jb4PdUKA==,type:str]
+              endpoints:
+                - ENC[AES256_GCM,data:VPyJqQ==,iv:OpE3Lz7mj8CyEUTspDavhfrh7GGZTRDMdh/f0TjjU3k=,tag:SmdvFeQi4YY2D2/1nD5EkA==,type:str]
+                - ENC[AES256_GCM,data:9APazLFf,iv:yOyH3c8Cf7y13g3Ll0XVPpfwlzVykZUSpzEYWy+iIms=,tag:C71USjg3aI174bIdzAbq7Q==,type:str]
+              endpoints_v4:
+                - ENC[AES256_GCM,data:sjksPQ==,iv:dZn4gAigMOJxPkMTYp5Rbi+lXGWn7x7ySpfAUIblbb8=,tag:9g8g4zYTGlNXSDw274O4TA==,type:str]
+                - ENC[AES256_GCM,data:9H8f0kfM,iv:ty2ESrjKBU1IX++8vmvCf+gzDGYSsodHjgkEG0NckzE=,tag:hVReQ7MmhVUovGV+0AlBGA==,type:str]
+              endpoints_v6:
+                - ENC[AES256_GCM,data:GYWH9Q==,iv:b5DvH27VeG5JMXrTW4fjZ6fY7FJzN34NwboKGaa6TUU=,tag:a+PbNPfctg3Sq0FsLnuF8g==,type:str]
+                - ENC[AES256_GCM,data:XsLe7cPv,iv:aQ5fj/y8qYEd/LY8o7npWMWnfZmJ8Ssk9t//q8wi2fQ=,tag:NuPe436XePucpKoTieaSNA==,type:str]
+              host_indices:
+                - ENC[AES256_GCM,data:06xYxA==,iv:1o+tnZIY6Eb3eB58qYJZJft1tbODrrCmaLIqgvYSDKI=,tag:AUuPh2n8lpVCZc3OTkLJcg==,type:str]
+                - ENC[AES256_GCM,data:AzCBMVjt,iv:4+4xz51YSbkokfrgY2iePM0plHyDmghSc+3KkLJTl4s=,tag:b1ihwsuED31/DfNYYXG1XQ==,type:str]
           surface:
             - ENC[AES256_GCM,data:uVM2nzXZ,iv:xRf43cNQMjG8A5rR/b5buQ+zJ5dNbkecQREEZfv7BD4=,tag:6YDw2hVWghwkQy8MPInnbQ==,type:str]
             - dn42_addresses_v4:
@@ -214,6 +237,18 @@ hosts:
             endpoints_v6: []
             host_indices:
                 - ENC[AES256_GCM,data:ZA==,iv:VFzypgVpL1IPhN1w4ENoX7udlcc+zIVlfuVKBFH8PDY=,tag:5m94D0JHbAOAhMrEVR4iXw==,type:int]
+        isk:
+            dn42_addresses_v4:
+                - ENC[AES256_GCM,data:vGgaBw5eMUV8fTwwURM=,iv:wqZCjZcPgmU3kZe3CjwIZmKVjjhRf2Yr+EHfQEgwwBc=,tag:D+bqBRbEA7Kg869Ej3noeQ==,type:str]
+            dn42_addresses_v6:
+                - ENC[AES256_GCM,data:grtCjq14CHY+q1Xp3GhZ+kgNsA==,iv:/dpdoBfa2lSby8OsEythJd/WFY+R94dKp5PanasT5oQ=,tag:hEjBhQe01yeP6rMdL2w9HA==,type:str]
+            dn42_v6_prefixes:
+                - ENC[AES256_GCM,data:egsimk0tHGE7Qc0qNIdF8ZzMDfEF,iv:QB57hX22RiZDOEg/0HElWxTFa//LIYd8aLmaj5kIK4w=,tag:etVbkDDhhpCuF09A17/y2A==,type:str]
+            endpoints: []
+            endpoints_v4: []
+            endpoints_v6: []
+            host_indices:
+                - ENC[AES256_GCM,data:EQ==,iv:BOQBSG+vKjFZQNxDQ7m5L2yEtPzlLM4IZLfzwcaC5M4=,tag:6m7l6ns66E2cxb9mj3/srQ==,type:int]
         surface:
             dn42_addresses_v4:
                 - ENC[AES256_GCM,data:4lI5E03KvoBklrnJuvQ=,iv:Do83VGMAwNgM/Qur9GlB2jrtLou+LE6IEYG+iap85Ew=,tag:+fQ1V70LTJZNhQfA/rhcOQ==,type:str]
@@ -323,8 +358,8 @@ sops:
             Sk1Fd3hqM0pwWFpqY2d4eW1hWUR1bFEKK9ffnx65jbajKVVBp4jjcweT1qldCjWD
             ZJOFlhxryKDdn6oRW+G/9g133IjrQrXiwhqzC/fm0HA6mk/XiIiSxA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-02-10T05:53:19Z"
-    mac: ENC[AES256_GCM,data:z2h01KicjXb64NR9VU1CFYSadh1qlW1WJg+S0ouQ9oOTPkC8MbFP6/wmp6PCu27AOcd92pSaziuRQZWZpTk6lKCMpiR48vuHaUObwwuQX6cMfTfgJzRlIf5m+0FnNJdiy8Vy+2ab5QClW+OcCpiP68mnluGnL3ofSlTZgWu/7Zs=,iv:RVoDcJhRDeXUFfeDEx7X+ycP5rwYS8iLIYmppCJs5Ow=,tag:/gI4lJS9AINZVZBtdR2LiQ==,type:str]
+    lastmodified: "2024-02-23T05:22:13Z"
+    mac: ENC[AES256_GCM,data:U9SAL7ahznojqqqnA/4c/Sfkcx/6MKTQfaTEeNrlOGr97QLMXZXNX0EZKQhtyatGdOcZeUl4z12igo8mdMg4tZKhxlBPyx2wYEDfKzkRj3JxhSpKzEAILOuwcl1f6aobFUYtlxrS8u49czdIE1uR9id36dBIf+x/6HqQ15wXjf8=,iv:u1T1Jl4JFTF7iB9uJHc2dvQfTMRVNfvdg+FlymqZv9Q=,tag:kUVj6fTj33snsY7wRfEpkw==,type:str]
     pgp:
         - created_at: "2023-06-12T05:51:36Z"
           enc: |