From 7510f22640aaf52b859d0eb04a3ee867cf406919 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Tue, 18 Apr 2023 20:47:43 +0200
Subject: Configure ddclient to update AAAA record for prefect

---
 patches/ddclient-noipv4.patch | 79 +++++++++++++++++++++++++++++++++++++++++++
 system/prefect.nix            | 35 +++++++++++++++++++
 2 files changed, 114 insertions(+)
 create mode 100644 patches/ddclient-noipv4.patch

diff --git a/patches/ddclient-noipv4.patch b/patches/ddclient-noipv4.patch
new file mode 100644
index 00000000..09afd601
--- /dev/null
+++ b/patches/ddclient-noipv4.patch
@@ -0,0 +1,79 @@
+diff --git a/ddclient.in b/ddclient.in
+index 5e4759e..dd2fb58 100755
+--- a/ddclient.in
++++ b/ddclient.in
+@@ -431,7 +431,8 @@ my %variables = (
+         'proxy'               => setv(T_FQDNP, 0, 0, undef,                undef),
+         'protocol'            => setv(T_PROTO, 0, 0, 'dyndns2',            undef),
+ 
+-        'use'                 => setv(T_USE,   0, 0, 'ip',                 undef),
++        'use'                 => setv(T_USE,   0, 0, 'disabled',           undef),
++
+         'usev4'               => setv(T_USEV4, 0, 0, 'disabled',           undef),
+         'usev6'               => setv(T_USEV6, 0, 0, 'disabled',           undef),
+         'ip'                  => setv(T_IP,    0, 0, undef,                undef),
+@@ -489,7 +490,7 @@ my %variables = (
+         'password'            => setv(T_PASSWD,1, 0, '',                   undef),
+         'host'                => setv(T_STRING,1, 1, '',                   undef),
+ 
+-        'use'                 => setv(T_USE,   0, 0, 'ip',                 undef),
++        'use'                 => setv(T_USE,   0, 0, 'disabled',           undef),
+         'if'                  => setv(T_IF,    0, 0, 'ppp0',               undef),
+         'web'                 => setv(T_STRING,0, 0, 'dyndns',             undef),
+         'web-skip'            => setv(T_STRING,0, 0, '',                   undef),
+@@ -1075,6 +1076,8 @@ sub main {
+         read_cache(opt('cache'), \%cache);
+         print_info() if opt('debug') && opt('verbose');
+ 
++        fatal("invalid argument '-use %s'; possible values are:\n%s", $opt{'use'}, join("\n", ip_strategies_usage()))
++            unless exists $ip_strategies{lc opt('use')};
+         fatal("invalid argument '-use %s'; possible values are:\n%s", $opt{'use'}, join("\n", ip_strategies_usage()))
+             unless exists $ip_strategies{lc opt('use')};
+         if (defined($opt{'usev6'})) {
+@@ -1154,11 +1157,9 @@ sub update_nics {
+             next if $config{$h}{'protocol'} ne lc($s);
+             $examined{$h} = 1;
+             # we only do this once per 'use' and argument combination
+-            my $use       = opt('use',   $h) // 'disabled';
+-            my $usev4     = opt('usev4', $h) // 'disabled';
++            my $use       = 'disabled';
++            my $usev4     = 'disabled';
+             my $usev6     = opt('usev6', $h) // 'disabled';
+-            $use          = 'disabled' if ($use eq 'no'); # backward compatibility
+-            $usev6        = 'disabled' if ($usev6 eq 'no'); # backward compatibility
+             my $arg_ip    = opt('ip',    $h) // '';
+             my $arg_ipv4  = opt('ipv4',  $h) // '';
+             my $arg_ipv6  = opt('ipv6',  $h) // '';
+@@ -1592,18 +1593,6 @@ sub init_config {
+     ##
+     $opt{'quiet'} = 0 if opt('verbose');
+ 
+-    ## infer the IP strategy if possible
+-    if (!$opt{'use'}) {
+-        $opt{'use'} = 'web' if ($opt{'web'});
+-        $opt{'use'} = 'if'  if ($opt{'if'});
+-        $opt{'use'} = 'ip'  if ($opt{'ip'});
+-    }
+-    ## infer the IPv4 strategy if possible
+-    if (!$opt{'usev4'}) {
+-        $opt{'usev4'} = 'webv4' if ($opt{'webv4'});
+-        $opt{'usev4'} = 'ifv4'  if ($opt{'ifv4'});
+-        $opt{'usev4'} = 'ipv4'  if ($opt{'ipv4'});
+-    }
+     ## infer the IPv6 strategy if possible
+     if (!$opt{'usev6'}) {
+         $opt{'usev6'} = 'webv6' if ($opt{'webv6'});
+@@ -5813,11 +5802,12 @@ sub nic_nsupdate_update {
+         ## nsupdate requires a port number to be separated by whitepace, not colon
+         $server =~ s/:/ /;
+         my $zone       = $config{$h}{'zone'};
+-        my $ip         = $config{$h}{'wantip'};
++        my $ip         = $config{$h}{'wantipv6'};
+         my $recordtype = '';
+         if (is_ipv6($ip)) {
+             $recordtype = 'AAAA';
+         } else {
++            next;
+             $recordtype = 'A';
+         }
+         delete $config{$_}{'wantip'} foreach @hosts;
diff --git a/system/prefect.nix b/system/prefect.nix
index 829621ef..ec481e22 100644
--- a/system/prefect.nix
+++ b/system/prefect.nix
@@ -136,5 +136,40 @@
     hostName = "prefect";
   };
 
+  services.ddclient = {
+    enable = true;
+    package = (pkgs.ddclient.overrideAttrs
+      (old: {
+        patches = (old.patches or [ ]) ++ [
+          ../patches/ddclient-noipv4.patch
+        ];
+      }));
+    use = "no";
+    protocol = "nsupdate";
+    verbose = true;
+    zone = "alanpearce.eu";
+    server = "pappel.alanpearce.eu";
+    passwordFile = "/etc/secrets/ddns.key";
+    domains = [ "prefect.home.alanpearce.eu" ];
+    extraConfig = ''
+      usev4=disabled
+      usev6=cmdv6
+      cmdv6=${pkgs.writeScript "getipv6" ''
+        #!/bin/sh
+        set -eo pipefail
+        ip --oneline address show dev enp7s0 to 2000::/3 primary \
+          | awk '{ print $4 }' \
+          | cut -d/ -f1
+      ''}
+      ttl=3600
+    '';
+  };
+  systemd.services.ddclient.path = with pkgs;
+    [
+      iproute2
+      coreutils
+      gawk
+    ];
+
   system.stateVersion = "23.05";
 }
-- 
cgit 1.4.1