feat(dns): Add support for desec

2023-05-09 12:37:14 +03:00 · 2023-05-09 12:37:14 +03:00 · 0f064a8e71
parent c7385cb9ea
commit 0f064a8e71
1 changed files with 20 additions and 22 deletions
--- a/files.nix
+++ b/files.nix
@ -1,6 +1,16 @@
 { config, pkgs, ... }:
 let
  cfg = config.services.userdata;
+  dnsCredentialsTemplates = {
+    DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
+    CLOUDFLARE = ''
+      CF_API_KEY=REPLACEME
+      CLOUDFLARE_DNS_API_TOKEN=REPLACEME
+      CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
+    '';
+    DESEC = "DESEC_TOKEN=REPLACEME";
+  };
+  dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
 in
 {
  systemd.tmpfiles.rules =
@ -37,28 +47,16 @@ in
          rm -f /var/lib/nextcloud/db-pass
          rm -f /var/lib/nextcloud/admin-pass
        '';
-      cloudflareCredentials =
-        if cfg.dns.provider == "DIGITALOCEAN" then ''
-          mkdir -p /var/lib/cloudflare
-          chmod 0440 /var/lib/cloudflare
-          chown nginx:acmerecievers /var/lib/cloudflare
-          echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini
-          ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
-          chmod 0440 /var/lib/cloudflare/Credentials.ini
-          chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
-        ''
-        else ''
-          mkdir -p /var/lib/cloudflare
-          chmod 0440 /var/lib/cloudflare
-          chown nginx:acmerecievers /var/lib/cloudflare
-          echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
-          echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
-          echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
-          ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
-          chmod 0440 /var/lib/cloudflare/Credentials.ini
-          chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
-        '';
-      resticCredentials = ''
+      cloudflareCredentials = ''
+        mkdir -p /var/lib/cloudflare
+        chmod 0440 /var/lib/cloudflare
+        chown nginx:acmerecievers /var/lib/cloudflare
+        echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
+        ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+        chmod 0440 /var/lib/cloudflare/Credentials.ini
+        chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
+      ''
+        resticCredentials = ''
        mkdir -p /root/.config/rclone
        chmod 0400 /root/.config/rclone
        chown root:root /root/.config/rclone