authorLinnnus <[email protected]>2023-09-30 12:09:19 +0200
committerLinnnus <[email protected]>2023-09-30 12:10:15 +0200
commit8798940cad00296d3a9e88988e6678eef670d21a (patch)
tree79a6f92b6ed828c6fa80383c48be6f7a3a8ca8d6 /hosts/ahmed/cloudflare-ddns.nix
parentad288b5c49c7e7323ad11ec2b1320905ba1b8674 (diff)
Move secret management to agenix
- https://nixos.wiki/wiki/Agenix - https://github.com/ryantm/agenix - https://jonascarpay.com/posts/2021-07-27-agenix.html
Diffstat (limited to 'hosts/ahmed/cloudflare-ddns.nix')
-rw-r--r--hosts/ahmed/cloudflare-ddns.nix23
1 files changed, 23 insertions, 0 deletions
diff --git a/hosts/ahmed/cloudflare-ddns.nix b/hosts/ahmed/cloudflare-ddns.nix
new file mode 100644
index 0000000..58f53b0
--- /dev/null
+++ b/hosts/ahmed/cloudflare-ddns.nix
@@ -0,0 +1,23 @@
+# This module sets up cloudflare-dyndns for <linus.onl>.
+
+{ lib, config, ... }:
+
+let
+
+in
+{
+ age.secrets.cloudflare-dyndns-api-token = {
+ file = ../../secrets/cloudflare-ddns-token.age;
+ # TODO: configure permissions
+ };
+
+ services.cloudflare-dyndns = {
+ enable = true;
+ apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
+ proxied = true;
+ domains = [ "linus.onl" ];
+ };
+
+ # Override the systemd service generated by `services.cloudflare-dyndns` to wait for key to be decrypted.
+ systemd.services.cloudflare-dyndns.after = [ "cloudflare-ddns-key.service" ];
+}
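Review bot: The `after = [ "cloudflare-ddns-key.service" ];` override at the end of the hunk names a unit that nothing in this file defines, and `after` only orders units without pulling them in, so if that unit does not exist the line silently does nothing. The `<name>-key.service` naming looks like a leftover from NixOps `deployment.keys`. As far as I know, agenix decrypts secrets during system activation rather than through a per-secret unit, so the override can probably be dropped, or paired with `wants`/`requires` if a real unit is intended. Separately, the `# TODO: configure permissions` on the secret should be resolved by stating the intent explicitly, e.g. `owner = "root"; mode = "0400";`, after confirming which user actually reads `apiTokenFile`. If the service reads the file as an unprivileged or dynamic user, root-only permissions would leave the token unreadable, while anything wider than that one user exposes the Cloudflare API token to other local accounts.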