From 614366a0d91e2f6418b80c95dd57ba5e59483a01 Mon Sep 17 00:00:00 2001
From: Joey Hafner
Date: Fri, 10 Feb 2023 13:33:04 -0800
Subject: [PATCH] #82 Add Jafner.chat handling #32 Refactor config handling
---
 homelab/.gitignore | 3 ++-
 homelab/server/config/ddns/README.md | 17 ++++++++++++
 .../config/ddns/ddclient/ddclient.template | 26 +++++++++++++++++++
 homelab/server/config/ddns/docker-compose.yml | 1 +
 4 files changed, 46 insertions(+), 1 deletion(-)
 create mode 100644 homelab/server/config/ddns/README.md
 create mode 100644 homelab/server/config/ddns/ddclient/ddclient.template
diff --git a/homelab/.gitignore b/homelab/.gitignore
index 44bb00a1..6dfd5ee4 100644
--- a/homelab/.gitignore
+++ b/homelab/.gitignore
@@ -1,2 +1,3 @@
 *.secret
-*_secrets.env
\ No newline at end of file
+*_secrets.env
+server\config\ddns\ddclient\ddclient.conf
\ No newline at end of file
diff --git a/homelab/server/config/ddns/README.md b/homelab/server/config/ddns/README.md
new file mode 100644
index 00000000..65475c3f
--- /dev/null
+++ b/homelab/server/config/ddns/README.md
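Review bot: The new ignore entry `server\config\ddns\ddclient\ddclient.conf` in homelab/.gitignore uses backslashes, which gitignore treats as escape characters rather than path separators, so the pattern does not match `server/config/ddns/ddclient/ddclient.conf`. The generated file, which the README added in this commit says must contain the DNS credentials, would therefore still appear as untracked and could be committed by a broad `git add`. Write the entry with forward slashes, `server/config/ddns/ddclient/ddclient.conf`, and confirm it with `git check-ignore -v server/config/ddns/ddclient/ddclient.conf` run from `homelab/`.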
@@ -0,0 +1,17 @@
+# Updating ddclient.conf
+ddclient does not natively support proper secret management for credentials. So in order to ensure that our DNS management credentials are not kept in Git, we have to work around that.
+
+Our credentials are stored in `ddclient_secrets.env`, which is git-ignored. Additionally, the actual `ddclient.conf` file is git-ignored because it must contain the credentials.
+
+So we generate the config file when it must be updated. To update the file, we can run the following command:
+
+```bash
+cd ~/homelab/server/config/ddns/ && \
+export $(cat ddclient_secrets.env | xargs) && \
+envsubst < ./ddclient/ddclient.template > ./ddclient/ddclient.conf && \
+unset $(grep -v '^#' ddclient_secrets.env | sed -E 's/(.*)=.*/\1/' | xargs)
+```
+
+First we export the variables in the `ddclient_secrets.env` file (which are all simple key-value pairs). Then, the [`envsubst`](https://www.baeldung.com/linux/envsubst-command) command looks for env variable references (like `$USER_Jafner_chat`) in the `ddclient.template` file (via stdin) and replaces them with the values from the current shell. Lastly, we remove the secrets from the shell to preserve security.
+
+[StackOverflow - Set environment variables from file of ke/value pairs](https://stackoverflow.com/questions/19331497/set-environment-variables-from-file-of-key-value-pairs)
\ No newline at end of file
diff --git a/homelab/server/config/ddns/ddclient/ddclient.template b/homelab/server/config/ddns/ddclient/ddclient.template
new file mode 100644
index 00000000..20dfdc07
--- /dev/null
+++ b/homelab/server/config/ddns/ddclient/ddclient.template
@@ -0,0 +1,26 @@
+# jafner.dev
+use=web
+web=dynamicdns.park-your-domain.com/getip
+protocol=googledomains
+ssl=yes
+login=$USER_Jafner_dev
+password=$PASS_Jafner_dev
+@.jafner.dev, *.jafner.dev
+
+# jafner.chat
+use=web
+web=dynamicdns.park-your-domain.com/getip
+protocol=cloudflare
+login=$USER_Jafner_chat
+password=$PASS_Jafner_chat
+zone=jafner.chat
+jafner.chat,*.jafner.chat
+
+# meganmcdonough.art
+use=web
+web=dynamicdns.park-your-domain.com/getip
+protocol=googledomains
+ssl=yes
+login=$USER_Meganmcdonough_art
+password=$PASS_Meganmcdonough_art
+meganmcdonough.art
\ No newline at end of file
diff --git a/homelab/server/config/ddns/docker-compose.yml b/homelab/server/config/ddns/docker-compose.yml
index 19af96ee..ab6323ec 100644
--- a/homelab/server/config/ddns/docker-compose.yml
+++ b/homelab/server/config/ddns/docker-compose.yml
@@ -17,6 +17,7 @@ services:
 - cloudflare_secrets.env
 labels:
 - traefik.enable=false
+
 ddclient:
 image: linuxserver/ddclient
 container_name: ddns_ddclient
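Review bot: The jafner.chat block in ddclient.template is the only one of the three without `ssl=yes`; the jafner.dev and meganmcdonough.art blocks both set it. Whether the setting carries over from the preceding block depends on how ddclient scopes options, which this diff does not show, so add `ssl=yes` after `protocol=cloudflare` to make the TLS requirement explicit for that block. Separately, `password=$PASS_Jafner_chat` and the other login/password lines are substituted unquoted, so a secret containing `#`, whitespace or a comma may be truncated or misparsed when ddclient reads the rendered file; I believe single quotes around the value (`password='$PASS_Jafner_chat'`) avoid this, but verify it against the ddclient version in the image. A header comment such as `# Template only: rendered into ddclient.conf by envsubst; never put real credentials here` would also help future editors.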