From f3b0eaf58a1cd475c0bfaae8abf7e19bb69a74d8 Mon Sep 17 00:00:00 2001
From: Christine Elisabeth Koppel <kuutruu@posteo.net>
Date: Tue, 3 Mar 2026 11:54:27 +0100
Subject: [PATCH] Add systemd service and timer for PRG Cloudflare DDNS
 updater. Update script shebang.

---
 nix-system-configs/modules/system/traefik.nix | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/nix-system-configs/modules/system/traefik.nix b/nix-system-configs/modules/system/traefik.nix
index 0cb3518..5657ad1 100644
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@@ -578,7 +578,7 @@ in {
     # PRG Cloudflare DDNS updater - split into a single-run upstream script and a wrapper that loops records
     environment.etc."cloudflare-ddns/update-single.sh" = {
       text = ''
-        #!/bin/bash
+        #!/usr/bin/env bash
         ## K0p1-Git cloudflare-ddns-updater (packaged copy)
         ## Upstream: https://github.com/K0p1-Git/cloudflare-ddns-updater
         ## Author: K0p1-Git
@@ -741,7 +741,8 @@ in {
           else
             export record_name="$r.${domain}"
           fi
-          /etc/cloudflare-ddns/update-single.sh || true
+          # Invoke the single-run script explicitly with the system's bash via env to avoid /bin/bash shebang issues
+          /usr/bin/env bash /etc/cloudflare-ddns/update-single.sh || true
         done
 
       '';
@@ -757,6 +758,29 @@ in {
       wants = ["acme-finished-prg-radio.org.target"];
     };
 
+    systemd.services.prg-cloudflare-ddns-updater = {
+      description = "PRG Cloudflare DDNS updater";
+      after = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        ExecStart = "/usr/bin/env bash /etc/cloudflare-ddns/update.sh";
+        User = "traefikprg";
+        # Make sure the service doesn't fail the boot if the script exits non-zero
+        Restart = "no";
+      };
+    };
+
+    systemd.timers.prg-cloudflare-ddns-updater = {
+      description = "Run PRG Cloudflare DDNS updater hourly";
+      wantedBy = [ "timers.target" ];
+      timerConfig = {
+        OnBootSec = "1m";        # run shortly after boot
+        OnUnitActiveSec = "1h";  # then every hour
+        AccuracySec = "1m";
+      };
+    };
+
     networking.firewall.allowedTCPPorts = [80 443 10022 30033 8448 9001 3001 993 465 25];
     networking.firewall.allowedUDPPorts = [80 443 9987 9001 3001 993 465 25];