Skip to content

feat(vpn): Cloudflare DDNS in plex-vpn-bypass + tilsit.vip hostname#72

Merged
smartwatermelon merged 3 commits intomainfrom
claude/cloudflare-ddns-2026-02-23
Feb 24, 2026
Merged

feat(vpn): Cloudflare DDNS in plex-vpn-bypass + tilsit.vip hostname#72
smartwatermelon merged 3 commits intomainfrom
claude/cloudflare-ddns-2026-02-23

Conversation

@smartwatermelon
Copy link
Copy Markdown
Owner

Summary

  • Add update_cloudflare_dns() to plex-vpn-bypass.sh template — reads CF_API_TOKEN from System keychain at runtime, PATCHes the Cloudflare A record on IP change
  • Switch Plex customConnections from raw IP to stable hostname tilsit.vip:32400
  • Add three new template variables: __EXTERNAL_HOSTNAME__, __CLOUDFLARE_ZONE_ID__, __CLOUDFLARE_RECORD_ID__
  • Wire up sed substitutions in transmission-setup.sh and add variables to config.conf.template
  • Fix startup block: only record IP as handled if both DNS and Plex updates succeed (prevents silent retry failure)

Why

NoIP DUC is deprecated in Homebrew. Cloudflare DNS-01 (via tilsit-caddy repo) replaces it. This PR extends the existing public-IP monitor daemon to also keep the Cloudflare A record current, eliminating the need for a separate DDNS client.

Deployment (manual steps on TILSIT)

See docs/plans/2026-02-23-cloudflare-dns01.md in tilsit-caddy-v1 repo, Tasks 9–10.

Prerequisite: tilsit-caddy PR #1 must be deployed first (Tasks 6–7).

Test Plan

  • Task 9: patch live plex-vpn-bypass.sh, restart daemon, verify Cloudflare DNS updated: tilsit.vip -> 67.5.106.16 in log
  • dig +short tilsit.vip @1.1.1.1 returns 67.5.106.16
  • Task 10: remove NoIP DUC from PIA bypass list, uninstall app, update reference config

🤖 Generated with Claude Code

Claude Code Bot and others added 2 commits February 23, 2026 17:01
…Plex customConnections

Extends plex-vpn-bypass.sh to update a Cloudflare A record on IP change,
providing stable DDNS for tilsit.vip. Switches Plex customConnections from
raw public IP to the stable external hostname. Reads CF API token from the
System keychain at runtime (daemon runs as root).

Adds EXTERNAL_HOSTNAME, CLOUDFLARE_ZONE_ID, CLOUDFLARE_RECORD_ID template
variables with sed substitutions in transmission-setup.sh and corresponding
entries in config.conf.template.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove unused public_ip param from update_plex_custom_connections()
  (hostname now comes from EXTERNAL_HOSTNAME config var, not caller)
- Fix startup block: only set LAST_PUBLIC_IP after both DNS and Plex
  updates succeed (prevents silent retry failure if startup update fails)
- Add 2>/dev/null to security keychain lookup (consistent with project
  pattern; clean warning message is sufficient)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Comment thread app-setup/templates/plex-vpn-bypass.sh
… deploy

If EXTERNAL_HOSTNAME, CLOUDFLARE_ZONE_ID, or CLOUDFLARE_RECORD_ID are
empty (not set in config.conf), plex-vpn-bypass.sh would be deployed with
malformed URLs — e.g. https://:32400 for Plex and .../zones//dns_records/
for Cloudflare — silently failing every 60s. Guard now logs a warning and
skips deployment, matching the existing pattern for missing templates.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@smartwatermelon smartwatermelon merged commit 8b45f18 into main Feb 24, 2026
17 checks passed
@smartwatermelon smartwatermelon deleted the claude/cloudflare-ddns-2026-02-23 branch February 27, 2026 18:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant