From 0ddc0c7fef957e07e9bceb596111eb126d1e0e25 Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Wed, 7 Jan 2026 14:35:15 +0100
Subject: [PATCH] manatee: Update machine IP for `ha.ppp.pm`

---
 .../modules/home-assistant/default.nix        | 80 ++++++++++++++++++-
 1 file changed, 78 insertions(+), 2 deletions(-)

diff --git a/hosts/manatee/modules/home-assistant/default.nix b/hosts/manatee/modules/home-assistant/default.nix
index b1161f4..e59f395 100644
--- a/hosts/manatee/modules/home-assistant/default.nix
+++ b/hosts/manatee/modules/home-assistant/default.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 let
   nginxEnabled = config.mod.nginx.enable;
 in
@@ -54,9 +59,80 @@ in
     };
   };
 
+  systemd.user = {
+    timers = {
+      "update-hetzner-ha-dns" = {
+        unitConfig = {
+          Description = "updates Hetzner DNS for home-assistant";
+        };
+
+        timerConfig = {
+          Unit = "update-hetzner-ha-dns.service";
+          OnCalendar = "*-*-* *:00/30:00";
+          Persistent = true;
+        };
+
+        wantedBy = [ "timers.target" ];
+      };
+    };
+
+    services = {
+      "update-hetzner-ha-dns" = {
+        unitConfig = {
+          Description = "updates Hetzner DNS for home-assistant";
+        };
+
+        serviceConfig = {
+          Type = "exec";
+          EnvironmentFile = config.age.secrets.hetzner-dns.path;
+        };
+
+        path = [
+          pkgs.curl
+          pkgs.coreutils # For `cat`
+          pkgs.jq
+        ];
+
+        script = ''
+          LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
+          INTERFACE="enp3s0"
+
+          CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
+
+          LAST_IP=""
+          if [[ -f "$LAST_IP_FILE" ]]; then
+              LAST_IP=$(cat "$LAST_IP_FILE")
+          fi
+
+          if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
+              echo "IP unchanged, NOOP update."
+              exit 0
+          else
+              echo "Updating IP"
+
+              JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
+
+              curl \
+                --fail \
+              	-X POST \
+                -H "Authorization: Bearer $HETZNER_API_TOKEN" \
+                -H "Content-Type: application/json" \
+                -d "$JSON_BODY" \
+                "https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/ha/A/actions/set_records" \
+                && echo $CURRENT_IP > $LAST_IP_FILE
+          fi
+        '';
+      };
+    };
+  };
+
   age = {
     secrets = {
-      "hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
+      "hetzner-dns" = {
+        file = ../../../../secrets/manatee/hetzner-dns.age;
+        owner = "alex";
+        group = "users";
+      };
     };
   };
 }