From 6661357f055c4b43c6aa9c5899dbfb3c5d38fdc2 Mon Sep 17 00:00:00 2001
From: ahtlon <git@ahtlon.de>
Date: Fri, 20 Feb 2026 19:49:48 +0100
Subject: [PATCH 1/2] [fanny] add dyndns service

---
 machines/fanny/configuration.nix |  1 +
 machines/fanny/dyndns.nix        | 22 ++++++++++++++++++++++
 machines/fanny/secrets.yaml      | 11 ++++-------
 3 files changed, 27 insertions(+), 7 deletions(-)
 create mode 100644 machines/fanny/dyndns.nix

diff --git a/machines/fanny/configuration.nix b/machines/fanny/configuration.nix
index 1617b5b..ff4814e 100644
--- a/machines/fanny/configuration.nix
+++ b/machines/fanny/configuration.nix
@@ -21,6 +21,7 @@ in
       inputs.self.nixosModules.malobeo.metrics
       inputs.self.nixosModules.malobeo.users
       inputs.self.nixosModules.malobeo.backup
+      ./dyndns.nix
     ];
 
     virtualisation.vmVariantWithDisko = {
diff --git a/machines/fanny/dyndns.nix b/machines/fanny/dyndns.nix
new file mode 100644
index 0000000..ff14ffd
--- /dev/null
+++ b/machines/fanny/dyndns.nix
@@ -0,0 +1,22 @@
+{... }:
+{
+  sops.secrets.njala = {};
+  systemd.services."dyndns" = {
+    script = ''
+      KEY=$(cat /run/secrets/njalla)
+      ${pkgs.curl}/bin/curl --fail --silent --show-error "https://njal.la/update/?h=cloud.malobeo.org&k="$KEY"&auto"
+    '';
+    serviceConfig = {
+      Type = "oneshot";
+      User = "root";
+    };
+  };
+  systemd.timers."dyndns" = {
+    wantedBy = ["timers.target"];
+    timerConfig = {
+      OnBootSec = "100s";
+      OnUnitActiveSec = "10m";
+      Unit = "dyndns.service";
+    };
+  };
+}
\ No newline at end of file
diff --git a/machines/fanny/secrets.yaml b/machines/fanny/secrets.yaml
index fba35ac..1bb0bca 100644
--- a/machines/fanny/secrets.yaml
+++ b/machines/fanny/secrets.yaml
@@ -1,11 +1,8 @@
 wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str]
 shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str]
 shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str]
+njalla: ENC[AES256_GCM,data:O/jUfA0UOYhXUqaCvmPEIw==,iv:ilzXLehV0cCxyUx/8fmwo6aU+yLzduZ5FoelQWYiPmw=,tag:KOL5RB7aYxe+1vY/WwTNJg==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
     age:
         - recipient: age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
           enc: |
@@ -25,8 +22,8 @@ sops:
             QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP
             SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-14T10:34:55Z"
-    mac: ENC[AES256_GCM,data:vcDXtTi0bpqhHnL6XanJo+6a8f5LAE628HazDVaNO34Ll3eRyhi95eYGXQDDkVk2WUn9NJ5oCMPltnU82bpLtskzTfQDuXHaPZJq5gtOuMH/bAKrY0dfShrdyx71LkA4AFlcI1P5hchpbyY1FK3iqe4D0miBv+Q8lCMgQMVrfxI=,iv:1lMzH899K0CnEtm16nyq8FL/aCkSYJVoj7HSKCyUnPg=,tag:mEbkmFNg5VZtSKqq80NrCw==,type:str]
+    lastmodified: "2026-02-20T18:48:58Z"
+    mac: ENC[AES256_GCM,data:zUoEtRovtCt4cNfThimcKefMnT4DdQUFrleiiPYz6XWcG9UEdYTw4dEc97OGavkzipm1R4tDDIrNSzKWG6oi8iSKk5EBEbKMn3wbCqogYt9fCJFuW25S0NY7smOr1nC6NumZlY+YiGAhEfrIGasp6qiwuD9A/S5a+6QNV5yEsK8=,iv:cB+SftKUCgAfuzNLT45WXf7NZPVVdZbQdpHYESWLjq4=,tag:oqhgWlREZEcHiQNO1hKiuQ==,type:str]
     pgp:
         - created_at: "2025-02-11T18:32:49Z"
           enc: |-
@@ -67,4 +64,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: aef8d6c7e4761fc297cda833df13aebb1011b5d4
     unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.11.0
-- 
2.51.2


From 329305a916cd0660006812d52bc2161379c2f8ba Mon Sep 17 00:00:00 2001
From: ahtlon <git@ahtlon.de>
Date: Fri, 20 Feb 2026 20:08:54 +0100
Subject: [PATCH 2/2] [fanny] added zines to dyndns

---
 machines/fanny/dyndns.nix   | 11 +++++++----
 machines/fanny/secrets.yaml |  8 +++++---
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/machines/fanny/dyndns.nix b/machines/fanny/dyndns.nix
index ff14ffd..fda86f3 100644
--- a/machines/fanny/dyndns.nix
+++ b/machines/fanny/dyndns.nix
@@ -1,10 +1,13 @@
-{... }:
+{pkgs, ...}:
 {
-  sops.secrets.njala = {};
+  sops.secrets.njalacloud = {};
+  sops.secrets.njalazines = {};
   systemd.services."dyndns" = {
     script = ''
-      KEY=$(cat /run/secrets/njalla)
-      ${pkgs.curl}/bin/curl --fail --silent --show-error "https://njal.la/update/?h=cloud.malobeo.org&k="$KEY"&auto"
+      KEYCLOUD=$(cat /run/secrets/njallacloud)
+      KEYZINES=$(cat /run/secrets/njallazines)
+      ${pkgs.curl}/bin/curl --fail --silent --show-error "https://njal.la/update/?h=cloud.malobeo.org&k="$KEYCLOUD"&auto"
+      ${pkgs.curl}/bin/curl --fail --silent --show-error "https://njal.la/update/?h=zines.malobeo.org&k="$KEYZINES"&auto"
     '';
     serviceConfig = {
       Type = "oneshot";
diff --git a/machines/fanny/secrets.yaml b/machines/fanny/secrets.yaml
index 1bb0bca..70662c2 100644
--- a/machines/fanny/secrets.yaml
+++ b/machines/fanny/secrets.yaml
@@ -1,7 +1,9 @@
 wg_private: ENC[AES256_GCM,data:kFuLzZz9lmtUccQUIYiXvJRf7WBg5iCq1xxCiI76J3TaIBELqgbEmUtPR4g=,iv:0S0uzX4OVxQCKDOl1zB6nDo8152oE7ymBWdVkPkKlro=,tag:gg1n1BsnjNPikMBNB60F5Q==,type:str]
 shop_cleartext: ENC[AES256_GCM,data:sifpX/R6JCcNKgwN2M4Dbflgnfs5CqB8ez5fULPohuFS6k36BLemWzEk,iv:1lRYausj7V/53sfSO9UnJ2OC/Si94JXgIo81Ld74BE8=,tag:5osQU/67bvFeUGA90BSiIA==,type:str]
 shop_auth: ENC[AES256_GCM,data:0NDIRjmGwlSFls12sCb5OlgyGTCHpPQIjycEJGhYlZsWKhEYXV2u3g1RHMkF8Ny913jarjf0BgwSq5pBD9rgPL9t8X8=,iv:3jgCv/Gg93Mhdm4eYzwF9QrK14QL2bcC4wwSajCA88o=,tag:h8dhMK46hABv9gYW4johkA==,type:str]
-njalla: ENC[AES256_GCM,data:O/jUfA0UOYhXUqaCvmPEIw==,iv:ilzXLehV0cCxyUx/8fmwo6aU+yLzduZ5FoelQWYiPmw=,tag:KOL5RB7aYxe+1vY/WwTNJg==,type:str]
+njallacloud: ENC[AES256_GCM,data:HBFew0tXEYG34G0N5hab9Q==,iv:q4PgqLJkST5exS3fYOQoAN9AubcfYafdjhhRQAIe0Yc=,tag:SZeM1ZcszSJeNo7uZfS0bQ==,type:str]
+njallazines: ENC[AES256_GCM,data:dySUyb1/IBGfjvyGx4iF1Q==,iv:dq60RACMotAzZoiv3+DTx4X6+HK8Wg4CMVzDi3qr6fA=,tag:niHK/B8xYIcEfjHuPkKaQw==,type:str]
+njala_api_key: ENC[AES256_GCM,data:ohSVzQUvFjia/s9WceqnZCdLyk3N1Lm2BCBmXeBlkWD2dyrohKCnd9GiJ499IORpuYcOXyM=,iv:Uczk8op5mgqe8gefxgU9YuTqOsYvjzHCKvzA7GDsgio=,tag:XA7JRq/LsGkpHcQSO36Whg==,type:str]
 sops:
     age:
         - recipient: age136sz3lzhxf74ryruvq34d4tmmxnezkqkgu6zqa3dm582c22fgejqagrqxk
@@ -22,8 +24,8 @@ sops:
             QVZyNWVOMTh3ejBha21Qb2xCRkFERGMKH9nMQUoS5bGcLUx2T1dOmKd9jshttTrP
             SKFx7MXcjFRLKS2Ij12V8ftjL3Uod6be5zoMibkxK19KmXY/514Jww==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-02-20T18:48:58Z"
-    mac: ENC[AES256_GCM,data:zUoEtRovtCt4cNfThimcKefMnT4DdQUFrleiiPYz6XWcG9UEdYTw4dEc97OGavkzipm1R4tDDIrNSzKWG6oi8iSKk5EBEbKMn3wbCqogYt9fCJFuW25S0NY7smOr1nC6NumZlY+YiGAhEfrIGasp6qiwuD9A/S5a+6QNV5yEsK8=,iv:cB+SftKUCgAfuzNLT45WXf7NZPVVdZbQdpHYESWLjq4=,tag:oqhgWlREZEcHiQNO1hKiuQ==,type:str]
+    lastmodified: "2026-02-20T19:08:38Z"
+    mac: ENC[AES256_GCM,data:PnCsmzbOji2iD3cwOl3vkXNMZJjxXqfxLuzlQgczwbHzDRXS9Xma2HuoQ9rnraA4CGc0LCgD/E2X0/LlL2lYks2Rh5Axd1kuBIn3pg2ihvzEAb+zBfnLzFGJW7xq4XJHB+OOnr4301cGFD8aPxlI6wrPeY6qu06rx7hGjsKrNTE=,iv:lhsVRbUUvUYrvC5EutX5Hn9O4tzfmED9TvRpt75qY9s=,tag:fs90cns6OeCaKUE6L0sG/A==,type:str]
     pgp:
         - created_at: "2025-02-11T18:32:49Z"
           enc: |-
-- 
2.51.2