From 1544ace9cf9a08df4429848a9afe2dd2cd451151 Mon Sep 17 00:00:00 2001
From: Mathias Magnusson <mathias@magnusson.space>
Date: Sun, 19 Oct 2025 16:32:35 +0200
Subject: Add dynamic dns

---
 router.nix                 |  20 +++++++++++++++++---
 secrets/dyndns-url.txt.age | Bin 0 -> 890 bytes
 secrets/secrets.nix        |  10 ++++++----
 3 files changed, 23 insertions(+), 7 deletions(-)
 create mode 100644 secrets/dyndns-url.txt.age

diff --git a/router.nix b/router.nix
index 0429dfa..55ae603 100644
--- a/router.nix
+++ b/router.nix
@@ -1,5 +1,6 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 let
+  wanInterface = "enp8s0";
   lanInterface = "enp5s0f0u2";
   wifiInterface = "wlp9s0";
 in
@@ -11,7 +12,7 @@ in
     firewall.filterForward = true;
     nat = {
       enable = true;
-      externalInterface = "enp8s0";
+      externalInterface = wanInterface;
       internalInterfaces = [ "br0" ];
       # forwardPorts = [{ sourcePort = 1234; destination = "10.69.0.2:12345"; }];
     };
@@ -23,6 +24,17 @@ in
     networkmanager = {
       enable = true;
       unmanaged = [ "interface-name:${lanInterface}" "interface-name:${wifiInterface}" ];
+      dispatcherScripts = [ {
+        type = "basic";
+        source = pkgs.writeScript "dynamic-dns-on-ipv4-change" ''
+          #!/bin/sh
+
+          [ "$1" = "${wanInterface}" ] || exit
+          [ "$2" = dhcp4-change ] || exit
+          ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")"
+          date >> /home/mathias/networkmanager-dispatcherScripts-run
+        '';
+      } ];
     };
   };
   services.hostapd = {
@@ -42,7 +54,6 @@ in
       };
     };
   };
-  age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age;
 
   services.dnsmasq = {
     enable = true;
@@ -69,4 +80,7 @@ in
   networking.firewall.allowedUDPPorts = [ 53 67 ];
   networking.firewall.allowedTCPPorts = [ 53 ];
   oden.persist.directories = [ "/var/lib/dnsmasq" ];
+
+  age.secrets."wifi-password.txt".file = ./secrets/wifi-password.txt.age;
+  age.secrets."dyndns-url.txt".file = ./secrets/dyndns-url.txt.age;
 }
diff --git a/secrets/dyndns-url.txt.age b/secrets/dyndns-url.txt.age
new file mode 100644
index 0000000..dbf3c3a
Binary files /dev/null and b/secrets/dyndns-url.txt.age differ
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 4963e52..8673c6d 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -6,8 +6,10 @@ let
     "age1yubikey1q2gkk5zhme43j9mzv8pyd22d60vv5v73aupcqw09fz8apwhw4qw3yd3n0w5" # yubikey5nano
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPC69ml72mqbn7L3QkpsCJuWdrKFYFNd0MaS5xERbuSF" # ymer
   ];
+  files = [
+    "wifi-password.txt.age"
+    "password-hash.txt.age"
+    "dyndns-url.txt.age"
+  ];
 in
-{
-  "wifi-password.txt.age".publicKeys = keys;
-  "password-hash.txt.age".publicKeys = keys;
-}
+builtins.listToAttrs (map (name: { inherit name; value.publicKeys = keys; }) files)
-- 
cgit v1.2.3