feat(dns): Add support for desec
parent
c7385cb9ea
commit
0f064a8e71
42
files.nix
42
files.nix
|
@ -1,6 +1,16 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
cfg = config.services.userdata;
|
||||
dnsCredentialsTemplates = {
|
||||
DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
|
||||
CLOUDFLARE = ''
|
||||
CF_API_KEY=REPLACEME
|
||||
CLOUDFLARE_DNS_API_TOKEN=REPLACEME
|
||||
CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
|
||||
'';
|
||||
DESEC = "DESEC_TOKEN=REPLACEME";
|
||||
};
|
||||
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
|
||||
in
|
||||
{
|
||||
systemd.tmpfiles.rules =
|
||||
|
@ -37,28 +47,16 @@ in
|
|||
rm -f /var/lib/nextcloud/db-pass
|
||||
rm -f /var/lib/nextcloud/admin-pass
|
||||
'';
|
||||
cloudflareCredentials =
|
||||
if cfg.dns.provider == "DIGITALOCEAN" then ''
|
||||
mkdir -p /var/lib/cloudflare
|
||||
chmod 0440 /var/lib/cloudflare
|
||||
chown nginx:acmerecievers /var/lib/cloudflare
|
||||
echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
||||
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
||||
''
|
||||
else ''
|
||||
mkdir -p /var/lib/cloudflare
|
||||
chmod 0440 /var/lib/cloudflare
|
||||
chown nginx:acmerecievers /var/lib/cloudflare
|
||||
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
|
||||
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
||||
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
||||
'';
|
||||
resticCredentials = ''
|
||||
cloudflareCredentials = ''
|
||||
mkdir -p /var/lib/cloudflare
|
||||
chmod 0440 /var/lib/cloudflare
|
||||
chown nginx:acmerecievers /var/lib/cloudflare
|
||||
echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
|
||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
||||
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
||||
''
|
||||
resticCredentials = ''
|
||||
mkdir -p /root/.config/rclone
|
||||
chmod 0400 /root/.config/rclone
|
||||
chown root:root /root/.config/rclone
|
||||
|
|
Loading…
Reference in New Issue