mastercontainer updates deSEC IP directly; ddclient auto-configures from env vars

Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/fc6803fd-5743-438d-86b8-068ce48b1411 Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
2026-05-30 07:20:09 +00:00 · 2026-04-24 19:24:14 +00:00
parent f23d8276ff
commit 7c5abc978d
10 changed files with 110 additions and 36 deletions
--- a/php/src/Controller/DesecController.php
+++ b/php/src/Controller/DesecController.php
@@ -49,7 +49,7 @@ readonly class DesecController {
            // Register a free dedyn.io subdomain
            $domain = $this->registerDesecDomain($token);

-            // Persist the credentials and auto-enable the companion community containers
+            // Persist the credentials and auto-enable caddy as the reverse proxy
            $this->configurationManager->startTransaction();
            $this->configurationManager->setDesecToken($token);
            $this->configurationManager->desecEmail = $email;
@@ -57,10 +57,8 @@ readonly class DesecController {
                $this->configurationManager->aioCommunityContainers,
                fn(string $cc): bool => $cc !== '',
            ));
-            foreach (['caddy', 'ddclient'] as $cc) {
-                if (!in_array($cc, $enabled, true)) {
-                    $enabled[] = $cc;
-                }
+            if (!in_array('caddy', $enabled, true)) {
+                $enabled[] = 'caddy';
            }
            $this->configurationManager->aioCommunityContainers = $enabled;
            $this->configurationManager->commitTransaction();
@@ -69,6 +67,9 @@ readonly class DesecController {
            // created and DNS propagation may not have completed yet.
            $this->configurationManager->setDomain($domain, true);

+            // Perform the first DNS IP update so the record is populated immediately
+            $this->updateIpIfDesecDomain();
+
            return $response->withStatus(201)->withHeader('Location', '.');
        } catch (InvalidSettingConfigurationException $ex) {
            $response->getBody()->write($ex->getMessage());
@@ -79,6 +80,36 @@ readonly class DesecController {
        }
    }

+    /**
+     * Updates the deSEC DNS A/AAAA record with the current public IP of this host.
+     * Uses deSEC's DynDNS2-compatible update endpoint, which auto-detects the requester's IP.
+     * Safe to call frequently; the endpoint returns "nochg" when the IP has not changed.
+     * Errors are logged but never thrown, so callers are not interrupted.
+     */
+    public function updateIpIfDesecDomain(): void {
+        if (!$this->configurationManager->isDesecDomain()) {
+            return;
+        }
+
+        $domain = $this->configurationManager->domain;
+        $token  = $this->configurationManager->getDesecToken();
+
+        try {
+            $res    = $this->guzzleClient->get('https://update.dedyn.io/', [
+                'query'   => ['hostname' => $domain],
+                'headers' => ['Authorization' => 'Token ' . $token],
+            ]);
+            $status = trim($res->getBody()->getContents());
+            if (str_starts_with($status, 'good') || str_starts_with($status, 'nochg')) {
+                error_log('deSEC IP update for ' . $domain . ': ' . $status);
+            } else {
+                error_log('deSEC IP update for ' . $domain . ' returned unexpected response: ' . $status);
+            }
+        } catch (\Exception $e) {
+            error_log('Could not update deSEC DNS record for ' . $domain . ': ' . $e->getMessage());
+        }
+    }
+
    /**
     * Creates a new deSEC account and returns the API token from the response.
     *
--- a/php/src/Controller/DockerController.php
+++ b/php/src/Controller/DockerController.php
@@ -18,7 +18,8 @@ readonly class DockerController {
    public function __construct(
        private DockerActionManager           $dockerActionManager,
        private ContainerDefinitionFetcher    $containerDefinitionFetcher,
-        private ConfigurationManager $configurationManager
+        private ConfigurationManager $configurationManager,
+        private DesecController $desecController,
    ) {
    }

@@ -263,6 +264,9 @@ readonly class DockerController {
        // Stop domaincheck since apache would not be able to start otherwise
        $this->StopDomaincheckContainer();

+        // Refresh the deSEC DNS record with the current public IP before starting containers
+        $this->desecController->updateIpIfDesecDomain();
+
        $id = self::TOP_CONTAINER;

        $this->PerformRecursiveContainerStart($id, $pullImage, $addToStreamingResponseBody);
--- a/php/src/Cron/UpdateDesecIp.php
+++ b/php/src/Cron/UpdateDesecIp.php
@@ -0,0 +1,17 @@
+<?php
+declare(strict_types=1);
+
+// increase memory limit to 2GB
+ini_set('memory_limit', '2048M');
+
+// Log whole log messages
+ini_set('log_errors_max_len', '0');
+
+require __DIR__ . '/../../vendor/autoload.php';
+
+$container = \AIO\DependencyInjection::GetContainer();
+
+/** @var \AIO\Controller\DesecController $desecController */
+$desecController = $container->get(\AIO\Controller\DesecController::class);
+
+$desecController->updateIpIfDesecDomain();