Dyn-Gandi

A DNS record updater for Gandi's LiveDNS API. This script is heavily inspired by dyn-gandi.

How it works

This script determines the current IP address by querying the resolvers defined in the config file. It then fetches the subdomains' A records from Gandi and compares their IP addresses to the current IP address. If the IP address in a subdomain's A record does not match your current IP address, the record is updated. If the subdomain has no A record yet, one is created.

Notes

Every invocation of the script causes at least 1 request to one of the specified resolvers and 1 API call to Gandi per domain. Updating a subdomain's A record is 1 API request per subdomain, even if they share the same domain.
Resolvers are queried in the order specified until one returns a valid IP address.
Instead of the API key itself, it is also possible to give the path to a file that contains the API key. This is useful in environments where the config file has to be shared, as in a Nix project, because the key then stays out of the shared file.
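
The flow described under "How it works" and the resolver-order note, as an added sketch that is not the project's own code: a resolver response is treated as untrusted input and must parse as an IPv4 address before it is compared against DNS. The function names, the injected `fetch` callable and the `{subdomain: [address, ...]}` record shape are assumptions made for this example.

```python
import ipaddress
from typing import Callable, Dict, Iterable, List, Optional


def parse_ipv4(body: str) -> Optional[str]:
    """Return the IPv4 address in a resolver response, or None if invalid."""
    try:
        return str(ipaddress.IPv4Address(body.strip()))
    except ValueError:
        # HTML error page, empty body, IPv6 address (IPv4 only, per Limitations)
        return None


def current_ip(resolvers: Iterable[str], fetch: Callable[[str], str]) -> Optional[str]:
    """Query resolvers in the order given; the first valid answer wins."""
    for url in resolvers:
        try:
            ip = parse_ipv4(fetch(url))
        except OSError:  # network error: fall through to the next resolver
            continue
        if ip is not None:
            return ip
    return None  # no resolver answered: change nothing


def plan(subdomains: List[str], a_records: Dict[str, List[str]], ip: str) -> Dict[str, str]:
    """Decide per subdomain: 'create', 'update' or 'ok'.

    a_records holds the A records already fetched for one domain
    (assumed shape: {subdomain: [address, ...]}).
    """
    actions = {}
    for name in subdomains:
        if name not in a_records:
            actions[name] = "create"
        elif a_records[name] != [ip]:
            actions[name] = "update"
        else:
            actions[name] = "ok"
    return actions


# Constructed sample data: canned resolver responses and existing records.
RESPONSES = {"https://ifconfig.me/ip": "<html>502 Bad Gateway</html>",
             "https://me.gandi.net": "203.0.113.7\n"}
RECORDS = {"@": ["203.0.113.7"], "www": ["198.51.100.20"]}

if __name__ == "__main__":
    ip = current_ip(list(RESPONSES), RESPONSES.__getitem__)
    print(ip, plan(["@", "www", "sub1"], RECORDS, ip))
```

Here the first resolver returns an error page, so the second one supplies the address; a caller should skip all record changes when `current_ip` returns `None`.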

Usage

First, get your Personal Access Token (PAT) from https://account.gandi.net/en/users/USER/security where USER is your Gandi username. The token needs the following permissions:

  • Manage domain name technical configurations

The script looks for a config file at $HOME/.config/dyn-gandi/config.log or /etc/dyn-gandi.conf, in that order. Create a file at one of these locations according to the schema below.

{
  "api": {
    "<Your-PAT>": {
      "example.com": [ "@", "www", "sub1" ],
      "example.org": [ "@", "www", "sub1", "sub2" ]
    },
    "/path/to/a/file/containing/api_key": {
      "example.at": [ "sub1" ],
      "example.au": [ "sub1", "sub2" ]
    }
  },
  "resolvers": [
    "https://ifconfig.me/ip",
    "https://me.gandi.net"
  ],
  "ttl": 3600,
  "log_path": "./log.txt"
}

Nix

Add this to the modules.

inputs = {
  dyn-gandi.url = "git+https://git.krsnik.at/Kristian/dyn-gandi";
};

outputs = {
  self,
  nixpkgs,
  dyn-gandi
}: {
  ...
  modules = [
    dyn-gandi.nixosModules.default
    {
      dyn-gandi.enable = true;
      dyn-gandi.timer = 300;
      dyn-gandi.settings = {
        api = {
          "/path/to/a/file/containing/api_key" = {
            "example.com" = ["@" "www"];
          };
        };
        resolvers = [
          "https://ifconfig.me/ip"
          "https://me.gandi.net"
        ];
        ttl = 3600;
        log_path = "/path/to/log/file";
      };
    }
    ...
  ];
  ...
}

Use dyn-gandi.nixosModules.default for a NixOS module and dyn-gandi.homeManagerModules.default for home-manager.

dyn-gandi.timer specifies the interval, in seconds, at which the script is run again.

Features

  • Support for arbitrarily many domains and subdomains through a nested data structure.
  • Small codebase
  • Logging
  • NixOS and home-manager modules

Limitations

  • Only IPv4 addresses are supported

TODO

  • Testing
  • Command line options controlling: dry-run, config, log, verbosity, force
  • Support IPv6
  • Per subdomain TTL
  • Better documentation
  • Better logging