rrvsh/pantheon
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor(server/ddns): make domains modular

Browse source
This commit is contained in:
Mohammad Rafiq 2025-06-13 04:00:43 +08:00
parent 83e7043eb5
commit 181e5d6ec8
No known key found for this signature in database
4 changed files with 73 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

49
modules/nixos/server/default.nix
View file

@ -6,58 +6,9 @@
{ {
options.server = { options.server = {
mountHelios = lib.mkEnableOption ""; mountHelios = lib.mkEnableOption "";
enableDDNS = lib.mkEnableOption "";
}; };
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf config.server.enableDDNS {
services.godns = {
enable = true;
loadCredential = [
"cf_token:${config.sops.secrets."keys/cloudflare".path}"
"telegram_bot_token:${config.sops.secrets."keys/telegram_bot".path}"
];
settings = {
provider = "Cloudflare";
login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
domains = [
{
domain_name = "rrv.sh";
sub_domains = [ "@" ];
}
{
domain_name = "aenyrathia.wiki";
sub_domains = [ "@" ];
}
{
domain_name = "bwfiq.com";
sub_domains = [ "*" ];
}
{
domain_name = "slayment.com";
sub_domains = [ "*" ];
}
];
resolver = "1.1.1.1";
ip_urls = [
"https://wtfismyip.com/text"
"https://api.ipify.org"
"https://myip.biturl.top"
"https://api-ipv4.ip.sb/ip"
];
ip_type = "IPv4";
interval = 300;
notify = {
telegram = {
enabled = true;
bot_api_key_file = "$CREDENTIALS_DIRECTORY/telegram_bot_token";
chat_id = "384288005";
message_template = "Domain *{{ .Domain }} has been updated to %0A{{ .CurrentIP }}";
};
};
};
};
})
(lib.mkIf config.server.mountHelios { (lib.mkIf config.server.mountHelios {
fileSystems."/media/helios/data" = { fileSystems."/media/helios/data" = {
device = "//helios/data"; device = "//helios/data";

62
modules/nixos/server/networking/ddns/default.nix Normal file
View file

@ -0,0 +1,62 @@
{ config, lib, ... }:
let
inherit (lib) mkIf mkOption mkEnableOption;
inherit (lib.types) enum str listOf;
inherit (lib.lists) unique;
inherit (builtins) map;
cfg = config.server.networking.ddns;
mkDomain = domain_name: {
inherit domain_name;
sub_domains = [
"@"
"*"
];
};
# Sanitize the list of domains with unique so we can add to it with every service.
mkDomains = map mkDomain (unique cfg.domains);
in
{
options.server.networking.ddns = {
enable = mkEnableOption "";
type = mkOption {
type = enum [ "godns" ];
default = "godns";
};
domains = mkOption {
type = listOf str;
default = [ ];
};
};
config = mkIf cfg.enable {
services.godns = {
enable = if (cfg.type == "godns") then true else false;
loadCredential = [
"cf_token:${config.sops.secrets."keys/cloudflare".path}"
"telegram_bot_token:${config.sops.secrets."keys/telegram_bot".path}"
];
settings = {
provider = "Cloudflare";
login_token_file = "$CREDENTIALS_DIRECTORY/cf_token";
domains = mkDomains;
resolver = "1.1.1.1";
ip_urls = [
"https://wtfismyip.com/text"
"https://api.ipify.org"
"https://myip.biturl.top"
"https://api-ipv4.ip.sb/ip"
];
ip_type = "IPv4";
interval = 300;
notify = {
telegram = {
enabled = true;
bot_api_key_file = "$CREDENTIALS_DIRECTORY/telegram_bot_token";
chat_id = "384288005";
message_template = "Domain *{{ .Domain }} has been updated to %0A{{ .CurrentIP }}";
};
};
};
};
};
}

3
modules/nixos/server/web-apps/mattermost/default.nix
View file

@ -1,5 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
inherit (lib) singleton;
inherit (lib.pantheon) mkRootDomain;
cfg = config.server.web-apps.mattermost; cfg = config.server.web-apps.mattermost;
upstreamCfg = config.services.mattermost; upstreamCfg = config.services.mattermost;
mkDir = directory: { mkDir = directory: {
@ -37,6 +39,7 @@ in
(mkDir cfg.dataDir) (mkDir cfg.dataDir)
]; ];
networking.firewall.allowedTCPPorts = lib.singleton cfg.port; networking.firewall.allowedTCPPorts = lib.singleton cfg.port;
server.networking.ddns.domains = singleton (mkRootDomain cfg.url);
services.mattermost = { services.mattermost = {
enable = true; enable = true;
inherit (cfg) inherit (cfg)

9
systems/x86_64-linux/apollo/default.nix
View file

@ -20,7 +20,14 @@
}; };
server = { server = {
enableDDNS = true; networking.ddns = {
enable = true;
domains = [
"rrv.sh"
"aenyrathia.wiki"
"slayment.com"
];
};
databases = { databases = {
mongodb.enable = true; mongodb.enable = true;
mysql.enable = true; mysql.enable = true;