From 3c214d788e671e867231d30374465f14969c46dd Mon Sep 17 00:00:00 2001
From: Mathias Magnusson <mathias@magnusson.space>
Date: Tue, 18 Nov 2025 16:00:45 +0100
Subject: move ddns setup to hetzner

---
 router.nix | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'router.nix')

diff --git a/router.nix b/router.nix
index 20d07c1..3cc17bc 100644
--- a/router.nix
+++ b/router.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, inputs, ... }:
 {
   boot.kernel.sysctl."net.ipv4.conf.all.forwarding" = true;
 
@@ -113,7 +113,11 @@
   };
   services.resolved.enable = false;
 
-  services.networkd-dispatcher = {
+  services.networkd-dispatcher =
+  let
+    logPath = "/home/mathias/networkd-dispatcher-run";
+  in
+  {
     enable = true;
     rules."ddns" = {
       onState = [ "routable" ];
@@ -124,8 +128,13 @@
           exit 0
         fi
 
-        ${pkgs.curl}/bin/curl "$(cat "${config.age.secrets."dyndns-url.txt".path}")"
-        printf "%s: %s\n" "$(date)" "$ADDR" >> /home/mathias/networkd-dispatcher-run
+        {
+          echo
+          printf "%s: %s\n" "$(date)" "$ADDR"
+          HCLOUD_TOKEN="$(cat "${config.age.secrets."hcloud-token.txt".path}")" \
+            ${inputs.unstable.legacyPackages.${pkgs.system}.hcloud}/bin/hcloud \
+            zone rrset set-records 0m.nu @ A --record "''${ADDR%% *}" 2>&1
+        } >> "${logPath}"
 
         exit 0
       '';
@@ -197,5 +206,5 @@
 
   age.secrets."wifi-password-staff.txt".file = ./secrets/wifi-password-staff.txt.age;
   age.secrets."wifi-password-guest.txt".file = ./secrets/wifi-password-guest.txt.age;
-  age.secrets."dyndns-url.txt".file = ./secrets/dyndns-url.txt.age;
+  age.secrets."hcloud-token.txt".file = ./secrets/hcloud-token.txt.age;
 }
-- 
cgit v1.2.3