diff --git a/hosts/manatee/modules/certs/default.nix b/hosts/manatee/modules/certs/default.nix
index 349d091..fb9705e 100644
--- a/hosts/manatee/modules/certs/default.nix
+++ b/hosts/manatee/modules/certs/default.nix
@@ -20,6 +20,19 @@
 "--http-timeout=60"
 ];
 };
+
+ "komga.ppp.pm" = {
+ dnsProvider = "hetzner";
+ environmentFile = config.age.secrets.hetzner-dns.path;
+ group = "nginx";
+
+ extraLegoFlags = [
+ "--dns.resolvers=1.1.1.1:53,8.8.8.8:53"
+ "--dns.propagation-wait=60s"
+ "--dns-timeout=60"
+ "--http-timeout=60"
+ ];
+ };
 };
 };
diff --git a/hosts/manatee/modules/home-assistant/default.nix b/hosts/manatee/modules/home-assistant/default.nix
index 63cd18e..3b1b12d 100644
--- a/hosts/manatee/modules/home-assistant/default.nix
+++ b/hosts/manatee/modules/home-assistant/default.nix
@@ -160,13 +160,13 @@ in
 user = {
 timers = {
- "update-hetzner-ha-dns" = {
+ "update-hetzner-dns" = {
 unitConfig = {
- Description = "updates Hetzner DNS for home-assistant";
+ Description = "updates Hetzner DNS records";
 };
 timerConfig = {
- Unit = "update-hetzner-ha-dns.service";
+ Unit = "update-hetzner-dns.service";
 OnCalendar = "*-*-* *:00/30:00";
 Persistent = true;
 };
@@ -176,9 +176,9 @@ in
 };
 services = {
- "update-hetzner-ha-dns" = {
+ "update-hetzner-dns" = {
 unitConfig = {
- Description = "updates Hetzner DNS for home-assistant";
+ Description = "updates Hetzner DNS records";
 };
 serviceConfig = {
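Review bot: In the `certs/default.nix` hunk, the new `komga.ppp.pm` entry appears to repeat the `extraLegoFlags` list of the entry above it (only that entry's last flag, `"--http-timeout=60"`, is visible here), so the resolver and timeout settings now have to be kept in sync by hand. Binding the shared attributes once in a `let` and merging them into each certificate would keep the entries identical. A one-line comment on why `--dns.resolvers` is pinned to public resolvers would also help the next reader. The enclosing attribute set starts outside the hunk.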
@@ -188,38 +188,41 @@ in
 path = [
 pkgs.curl
- pkgs.coreutils # For `cat`
+ pkgs.coreutils
 pkgs.jq
 ];
 script = ''
- LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
+ SUBDOMAINS="ha komga"
 INTERFACE="enp3s0"
 CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me)
- LAST_IP=""
- if [[ -f "$LAST_IP_FILE" ]]; then
- LAST_IP=$(cat "$LAST_IP_FILE")
- fi
+ for SUBDOMAIN in $SUBDOMAINS; do
+ LAST_IP_FILE="/tmp/hetzner-dns-''${SUBDOMAIN}-ip"
- if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
- echo "IP unchanged, NOOP update."
- exit 0
- else
- echo "Updating IP"
+ LAST_IP=""
+ if [[ -f "$LAST_IP_FILE" ]]; then
+ LAST_IP=$(cat "$LAST_IP_FILE")
+ fi
- JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
+ if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
+ echo "$SUBDOMAIN: IP unchanged, NOOP update."
+ else
+ echo "$SUBDOMAIN: Updating IP"
- curl \
- --fail \
- -X POST \
- -H "Authorization: Bearer $HETZNER_API_TOKEN" \
- -H "Content-Type: application/json" \
- -d "$JSON_BODY" \
- "https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/ha/A/actions/set_records" \
- && echo $CURRENT_IP > $LAST_IP_FILE
- fi
+ JSON_BODY=$(jq -n --arg ip "$CURRENT_IP" '{records: [{value: $ip}]}')
+
+ curl \
+ --fail \
+ -X POST \
+ -H "Authorization: Bearer $HETZNER_API_TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "$JSON_BODY" \
+ "https://api.hetzner.cloud/v1/zones/ppp.pm/rrsets/''${SUBDOMAIN}/A/actions/set_records" \
+ && echo $CURRENT_IP > $LAST_IP_FILE
+ fi
+ done
 '';
 };
 };
diff --git a/hosts/manatee/modules/komga/default.nix b/hosts/manatee/modules/komga/default.nix
index c83ad12..9a1f5f1 100644
--- a/hosts/manatee/modules/komga/default.nix
+++ b/hosts/manatee/modules/komga/default.nix
@@ -47,6 +47,7 @@ in
 server.port = 8002;
 komga."cors.allowed-origins" = [
 "http://manatee:8888"
+ "https://komga.ppp.pm"
 ];
 };
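Review bot: In the `home-assistant/default.nix` script hunk, the address written to both `ha` and `komga` comes from `curl ... ifconfig.me`, which has no scheme (curl falls back to plain HTTP) and is used without checking that the reply is an IP address, so a tampered or malformed response becomes the A record for two public names. Fetch it from `https://ifconfig.me` and stop unless the value matches a dotted quad. The loop also hides partial failure: when `set_records` fails for `ha` and succeeds for `komga` the script exits 0, so the unit never shows as failed; remember the failure and exit with it after `done`, as sketched below. The state files keep predictable names under `/tmp`; a per-user runtime directory would be safer than a world-writable one, and the redirect should quote both variables. The unit's `serviceConfig` and the opening of `path` lie outside the hunk.

```nix
CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" https://ifconfig.me)
if [[ ! "$CURRENT_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
  echo "IP lookup returned an unexpected value, not updating DNS" >&2
  exit 1
fi

FAILED=0
for SUBDOMAIN in $SUBDOMAINS; do
  # … unchanged: state-file lookup, unchanged-IP check, JSON_BODY, curl options and URL …
      && echo "$CURRENT_IP" > "$LAST_IP_FILE" \
      || FAILED=1
  # … unchanged: fi …
done
exit "$FAILED"
```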
@@ -68,6 +69,16 @@ in
 tryFiles = "$uri $uri/ /komga-reader.html";
 };
 };
+
+ virtualHosts."komga.ppp.pm" = {
+ forceSSL = true;
+ useACMEHost = "komga.ppp.pm";
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8002";
+ proxyWebsockets = true;
+ };
+ };
 };
 networking.firewall.allowedTCPPorts = [ 8888 ];
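Review bot: The `locations."/"` block of the new `komga.ppp.pm` vhost sets `proxyPass` but no proxy headers, so unless `services.nginx.recommendedProxySettings` is enabled elsewhere Komga receives `Host: 127.0.0.1:8002` and sees every client as 127.0.0.1, which leaves its access logs unable to tell remote clients apart. Adding `recommendedProxySettings = true;` next to `proxyWebsockets = true;` forwards `Host`, `X-Forwarded-For` and `X-Forwarded-Proto`. Together with the `komga` DNS record added in the same commit, this vhost puts the Komga login on the public Internet, so a comment stating that this is intended, or an `allow`/`deny` list in `extraConfig`, would document the exposure. The enclosing nginx attribute set starts outside the hunk.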