From 6c74fb07a86a8d689f795afd40ed133b6bbfd2e9 Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Wed, 7 Jan 2026 14:35:15 +0100
Subject: [PATCH] manatee: Update machine IP for `ha.ppp.pm`

---
 .../modules/home-assistant/default.nix        |  65 +++++++++++++++++-
 secrets/manatee/hetzner-dns-ha-env-vars.age   | Bin 0 -> 366 bytes
 secrets/secrets.nix                           |   1 +
 3 files changed, 65 insertions(+), 1 deletion(-)
 create mode 100644 secrets/manatee/hetzner-dns-ha-env-vars.age

diff --git a/hosts/manatee/modules/home-assistant/default.nix b/hosts/manatee/modules/home-assistant/default.nix
index b1161f4..b55ee8c 100644
--- a/hosts/manatee/modules/home-assistant/default.nix
+++ b/hosts/manatee/modules/home-assistant/default.nix
@@ -1,4 +1,9 @@
-{ lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 let
   nginxEnabled = config.mod.nginx.enable;
 in
@@ -54,6 +59,64 @@ in
     };
   };
 
+  systemd.user = {
+    timers = {
+      "update-hetzner-ha-dns" = {
+        unitConfig = {
+          Description = "updates Hetzner DNS for home-assistant";
+        };
+
+        timerConfig = {
+          Unit = "update-hetzner-ha-dns.service";
+          OnCalendar = "*-*-* *:00/30:00";
+          Persistent = true;
+        };
+
+        wantedBy = [ "timers.target" ];
+      };
+    };
+
+    services = {
+      "update-hetzner-ha-dns" = {
+        unitConfig = {
+          Description = "updates Hetzner DNS for home-assistant";
+        };
+
+        serviceConfig = {
+          Type = "exec";
+          EnvironmentFile = config.age.secrets.hetzner-dns.path;
+        };
+
+        path = [
+          pkgs.curl
+          pkgs.coreutils # For `cat`
+        ];
+
+        script = ''
+          LAST_IP_FILE="/tmp/hetzner-dns-ha-ip"
+          INTERFACE="enp3s0"
+
+          CURRENT_IP=$(curl -s --fail --interface "$INTERFACE" ifconfig.me')
+
+          LAST_IP=""
+          if [[ -f "$LAST_IP_FILE" ]]; then
+              LAST_IP=$(cat "$LAST_IP_FILE")')
+          fi
+
+          if [[ "$CURRENT_IP" == "$LAST_IP" ]]; then
+              echo "IP unchanged, NOOP update."
+              exit 0
+          else
+              echo "checking DNS"
+              curl \
+                -H "Authorization: Bearer $HETZNER_API_TOKEN" \
+                "https://api.hetzner.cloud/v1/zones/$ZONE_NAME/rrsets/$RRSET_NAME/A"
+          fi
+        '';
+      };
+    };
+  };
+
   age = {
     secrets = {
       "hetzner-dns".file = ../../../../secrets/manatee/hetzner-dns.age;
diff --git a/secrets/manatee/hetzner-dns-ha-env-vars.age b/secrets/manatee/hetzner-dns-ha-env-vars.age
new file mode 100644
index 0000000000000000000000000000000000000000..52eb1c3fb4e11bb6d1687718a4a399551e0ebd33
GIT binary patch
literal 366
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH&kic{b5ux83@=Cx
z$PJBhtEfuJh;q)!cFWaHb#y8*)YlHIjLa@_wv5pC%W_O~jN~#7O3nB8@(N7M_0o6D
zs>sXJcMjE#3NWnntjaViF)efSbjz@;@+nPqO-Hv)JKrzSBT&I8**&c?E!)H*C_Sv$
zyui%d!!NWXHP<U5JKNpeG|$Z>BQ-TI(;&4hsGQ3?+1%OFz`HOk(J`bd(!JcVGRHX0
zJE<hnKi42T+`PokIjy)jE3+!hx138?S63m|J4@R*H8M3QKeRBXyu{Vm(k-(hE2B6d
z)hNp?Bq!A?J1Dg(&nYXwtDNh~k^@qqLJ?x+OlLiE*%!|?*=(ZC@I>QKa<{VVoz%4U
zkH1!bx)2a2k(G4ly*}^JcL6sa6z^5dFSzmcsm9y>OE+&H>SM`{xmw5L{x2E;a?6Fu

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 31067ed..2333361 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -35,6 +35,7 @@ in {
   "manatee/syncthing-cert.age".publicKeys = [ manatee alex ];
   "manatee/syncthing-key.age".publicKeys = [ manatee alex ];
   "manatee/hetzner-dns.age".publicKeys = [ manatee alex ];
+  "manatee/hetzner-dns-ha-env-vars.age".publicKeys = [ manatee alex ];
 
   "backwards/root.backwards.age".publicKeys = [ backwards alex ];
   "backwards/root.backwards.pub.age".publicKeys = [ backwards alex ];