i

hosts/xenon/configuration.nix

@@ -6,21 +6,25 @@
 
     base.server.enable = true;
 
-    services.storage = {
-      enable = true;
-      mountDevice = "/dev/disk/by-uuid/e3cda2ab-9b36-4d60-9a9c-dfba6f00ab32";
-      interval = "Wed *-*-* 04:00:00";
-      expiresAfter = 90;
-      server = [
-        {
-          name = "argon";
-          ip = "141.147.62.247";
-        }
-        {
-          name = "krypton";
-          ip = "195.201.88.53";
-        }
-      ];
+    services = {
+      dynv6.enable = true;
+
+      storage = {
+        enable = true;
+        mountDevice = "/dev/disk/by-uuid/e3cda2ab-9b36-4d60-9a9c-dfba6f00ab32";
+        interval = "Wed *-*-* 04:00:00";
+        expiresAfter = 90;
+        server = [
+          {
+            name = "argon";
+            ip = "141.147.62.247";
+          }
+          {
+            name = "krypton";
+            ip = "195.201.88.53";
+          }
+        ];
+      };
     };
 
     system.boot.mode = "raspberry";
@@ -36,7 +40,7 @@
   networking.wireless = {
     enable = true;
     environmentFile = config.age.secrets.wireless-config.path;
-    networks."Fritzens WLAN".psk = "@PSK@";
+    networks."Vodafone-12345".psk = "@PSK@";
   };
 
   # needed because wpa_supplicant fails on startup

nixos/misc/agenix.nix

@@ -35,6 +35,7 @@ in
         "cachix-agent-token-krypton"
         "cachix-agent-token-neon"
         "cachix-agent-token-xenon"
+        "dynv6-token"
         "gitea-dbpassword"
         "id-rsa-backup"
         "mysql-backup-password"
@@ -87,6 +88,12 @@ in
           user = "root";
         })
 
+        (buildConfig {
+          name = "dynv6-token";
+          host = "xenon";
+          user = "root";
+        })
+
         (buildConfig {
           name = "gitea-dbpassword";
           host = "krypton";

nixos/services/applications/dynv6.nix

@@ -0,0 +1,60 @@
+{ config, lib, pkgs, ... }:
+
+let
+  inherit (lib)
+    concatMapStringsSep
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
+
+  cfg = config.custom.services.dynv6;
+
+  stateDir = "/var/lib/dynv6";
+  device = "wlan0";
+  hostname = "gerschtli.dynv6.net";
+  netmask = 64;
+in
+
+{
+
+  ###### interface
+
+  options = {
+
+    custom.services.dynv6.enable = mkEnableOption "dynv6";
+
+  };
+
+
+  ###### implementation
+
+  config = mkIf cfg.enable {
+
+    custom = {
+      agenix.secrets = [ "dynv6-token" ];
+
+      utils.systemd.timers.dynv6 = {
+        description = "dynv6";
+        interval = "Mon *-*-* *:00/10:00";
+
+        serviceConfig.script = toString (config.lib.custom.mkScriptPlain
+          "dynv6.sh"
+          ./dynv6.sh
+          [ pkgs.curl ]
+          {
+            inherit device hostname netmask stateDir;
+            passwordFile = config.age.secrets.dynv6-token.path;
+          }
+        );
+      };
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${stateDir} 755 root root"
+    ];
+
+  };
+
+}

nixos/services/applications/dynv6.sh

@@ -0,0 +1,31 @@
+hostname="@hostname@"
+device="@device@"
+token="$(cat "@passwordFile@")"
+netmask="@netmask@"
+file="@stateDir@/dynv6.addr6"
+
+if [[ -e "$file" ]]; then
+    old="$(cat "$file")"
+fi
+
+address="$(ip -6 addr list scope global dev "$device" | grep -v " fd" | sed -n 's/.*inet6 \([0-9a-f:]\+\).*/\1/p' | head -n 1)"
+
+if [[ -z "$address" ]]; then
+    echo "no IPv6 address found"
+    exit 1
+fi
+
+# address with netmask
+current="$address/$netmask"
+
+if [[ "$old" = "$current" ]]; then
+    echo "IPv6 address unchanged"
+    exit
+fi
+
+# send addresses to dynv6
+curl -fsS "http://dynv6.com/api/update?hostname=$hostname&ipv6=$current&token=$token"
+curl -fsS "http://ipv4.dynv6.com/api/update?hostname=$hostname&ipv4=auto&token=$token"
+
+# save current address
+echo "$current" > "$file"

secrets/xenon/dynv6-token.age

@@ -0,0 +1,11 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MEZXV09pSllLVUI4cWdX
+dUpscUs3V1BHSmY2RDRYZTZsS3dwd2ozaDNNCnA1NnZmV1J0N0xBd0Q0S0o0OXk5
+bm05d043OEJPYjVyazlCamtEVGY0bmcKLT4gWDI1NTE5IGoza0pNN2lERW1xT09Q
+c2tVUDRObXdEUHRYc29mQVVqUUsyeDAvRGFkVjAKbzJDNXlBYmdsVUMyN0x0dUN1
+ZjBpY01BZ25vamVmQUU1RlpKcHFzWWRaZwotPiBnLG18aF0/LWdyZWFzZSApM2Jh
+ID9SWSsweUZ7IChzCno2NUtqZDA0bHJlOW9sZDVORUQ5a0hLdzFCdG9sdTJtdmNx
+RTJZNGw1YjFxVkpuYmRVUjZXNmdRZUEKLS0tIHNxNW5naVhXK00vODZKb05tRmVz
+Ly95cElKUzhwTmc2Q1lDdDFtYzdWQmMKE7CUXfDjwRt7o2CDfQjXblZok6DhgVRX
+Rs5bNNGCFO0BYmJKBgm2j4shw+zXkH2N8VtHy8YQsYYwMV22wkjM
+-----END AGE ENCRYPTED FILE-----

secrets/xenon/wireless-config.age

@@ -1,12 +1,12 @@
 -----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzaDFMZFlaZjFhZi9Dd2Rr
-K1BpbTA1SE1vMGRLY0FpQTRuV3l5Rkd6YWwwCkFITlYzdkI4WS9PUmw3WktWbWt0
-Rk1INlZtUlhvcE1FM2Q0RGk1TmxyRnMKLT4gWDI1NTE5IFJlSlNLdnIrK3cyUitT
-NGlwV3VqeFMrbXBoRDRIMzc5M1pSdDAxQSt2d28KZnRXa0UraEV5dURrUlJPaWVB
-OTFYR2F0ZExjTlJlb2tmNmEyMDlmYStsZwotPiA3LWdyZWFzZSBZLT1EWyYgcixg
-KwpybkR5U3BsOGpaWGxwTXlHMitVVWJFdmpJaGdubFlLVVhzRWcvdEhPVTI1NU94
-TlpZeXRDYkRmSGpFWWtFdzJGCjV2ay9iOFhTK1BqNmRlZDQyVytsb052RmR6Z3BV
-M1JWOG5PczNzYwotLS0gRU9rMG8zRzkrZU1FWlpHd1J2WlJDOE83WlFZQXBna2lY
-aEFPZndjQlhrMArhIOIxtk7nbZcRVmFYxbA+aU1pTr0Ud56aeDMqNp8d15t47Ctt
-ViR6PHVKLkOaxtq/6oIFX+Q5I108rQ==
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4eEd1RjJYR2UyWmE5SGgy
+VytzM2I0WUxjRXFlU3c5TnpWVkxVWUdhOVNJCjRBam5PNWpVVk10ZmM0a2RuVFBk
+Y2wvRjUxd2lwak9zSWJ4eXYvQXVEQjAKLT4gWDI1NTE5IEFuNTE5M3RoTVZDN0lL
+eklMKzE2MFNIVkNCUktBaGliYzB1dFZEeDNURFEKbXlQQ0xjTVRCKzlXcXpyVlND
+MTE3SEp6TWhMaVJ3YlViUGtPRzhYN0l0WQotPiA1LWdyZWFzZQowVW1TclhKV3Z3
+NjQvdUhOUnZzdWIwWkljZ1A2bDBFU3VlTitEZjN0eXdMQ0VjU3FWRThaT1NudkxY
+bWZhZHhyCitYV3JjSkUzMnQ1RHF5Tkp6VlJTS0dZZEpCQm5zOS8vM3UwCi0tLSBi
+aEl0SVQxUmIwZ1RIdFFsNTNDeGE1a05LZXNSaGgxRkpyRkxBR09wRFV3Co1RzWOH
+EOX2TJsRCn5R4SkliwmIRq426OhSFSCAP7RNkMWEkjyX9OMPQMs60iVWhOzYAmZe
+apTc
 -----END AGE ENCRYPTED FILE-----