{ pkgs, lib, config, inputs, hosts, hostName, ... }: let inherit (config.users) users groups; inherit (hosts.mermet.config.networking) domain; in { # TODO: nsupdate in the initrd systemd.services.nsupdate = { wantedBy = [ "multi-user.target" ]; startAt = "*:0/5"; # every 5 min serviceConfig = { Type = "simple"; LoadCredentialEncrypted = [ "${hostName}.${domain}.tsig:${./nsupdate +"/${domain}/tsig.cred"}" ]; ExecStart = pkgs.writeShellScript "nsupdate" '' set -eux publicIPv4=$(${pkgs.curl}/bin/curl -s4 https://whoami.sourcephile.fr/addr || ${pkgs.curl}/bin/curl -s4L https://icanhazip.com || true) publicIPv6=$(${pkgs.curl}/bin/curl -s6L https://icanhazip.com || true) privateIPv4=$(${pkgs.miniupnpc}/bin/upnpc -s | sed -ne 's/^Local LAN ip address : //p') ${pkgs.knot-dns}/bin/knsupdate -k $CREDENTIALS_DIRECTORY/${hostName}.${domain}.tsig <