diff options
| -rw-r--r-- | router.nix | 20 | ||||
| -rw-r--r-- | secrets/dyndns-url.txt.age | bin | 0 -> 890 bytes | |||
| -rw-r--r-- | secrets/secrets.nix | 10 |
3 files changed, 23 insertions, 7 deletions
@@ -1,5 +1,6 @@ -{ config, ... }: +{ config, pkgs, ... }: let + wanInterface = "enp8s0"; lanInterface = "enp5s0f0u2"; wifiInterface = "wlp9s0"; in @@ -11,7 +12,7 @@ in firewall.filterForward = true; nat = { enable = true; - externalInterface = "enp8s0"; + externalInterface = wanInterface; internalInterfaces = [ "br0" ]; # forwardPorts = [{ sourcePort = 1234; destination = "10.69.0.2:12345"; }]; }; @@ -23,6 +24,17 @@ in networkmanager = { enable = true; unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ]; + dispatcherScripts = [ { + type = "basic"; + source = pkgs.writeScript "dynamic-dns-on-ipv4-change" '' + #!/bin/sh + + [ "$1" = "${wanInterface}" ] || exit + [ "$2" = dhcp4-change ] || exit + ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")" + date >> /home/mathias/networkmanager-dispatcherScripts-run + ''; + } ]; }; }; services.hostapd = { @@ -42,7 +54,6 @@ in }; }; }; - age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age; services.dnsmasq = { enable = true; @@ -69,4 +80,7 @@ in networking.firewall.allowedUDPPorts = [ 53 67 ]; networking.firewall.allowedTCPPorts = [ 53 ]; oden.persist.directories = [ "/var/lib/dnsmasq" ]; + + age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age; + age.secrets."dyndns-url.txt".file = ./secrets/dyndns-url.txt.age; } diff --git a/secrets/dyndns-url.txt.age b/secrets/dyndns-url.txt.age Binary files differnew file mode 100644 index 0000000..dbf3c3a --- /dev/null +++ b/secrets/dyndns-url.txt.age diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4963e52..8673c6d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,8 +6,10 @@ let "age1yubikey1q2gkk5zhme43j9mzv8pyd22d60vv5v73aupcqw09fz8apwhw4qw3yd3n0w5" # yubikey5nano "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPC69ml72mqbn7L3QkpsCJuWdrKFYFNd0MaS5xERbuSF" # ymer ]; + files = [ + "wifi-password.txt.age" + "password-hash.txt.age" + "dyndns-url.txt.age" + ]; in -{ - "wifi-password.txt.age".publicKeys = keys; - "password-hash.txt.age".publicKeys = keys; -} +builtins.listToAttrs (map (name: { inherit name; value.publicKeys = keys; }) files) |