feat(dns): Add support for desec
parent
c7385cb9ea
commit
0f064a8e71
42
files.nix
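--- a/files.nix
+++ b/files.nix
@@ -1,6 +1,16 @@
 { config, pkgs, ... }:
 let
 cfg = config.services.userdata;
+dnsCredentialsTemplates = {
+DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
+CLOUDFLARE = ''
+CF_API_KEY=REPLACEME
+CLOUDFLARE_DNS_API_TOKEN=REPLACEME
+CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
+'';
+DESEC = "DESEC_TOKEN=REPLACEME";
+};
+dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
 in
 {
 systemd.tmpfiles.rules =
@@ -37,28 +47,16 @@ in
 rm -f /var/lib/nextcloud/db-pass
 rm -f /var/lib/nextcloud/admin-pass
 '';
-cloudflareCredentials =
-if cfg.dns.provider == "DIGITALOCEAN" then ''
-mkdir -p /var/lib/cloudflare
-chmod 0440 /var/lib/cloudflare
-chown nginx:acmerecievers /var/lib/cloudflare
-echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini
-${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
-chmod 0440 /var/lib/cloudflare/Credentials.ini
-chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
-''
-else ''
-mkdir -p /var/lib/cloudflare
-chmod 0440 /var/lib/cloudflare
-chown nginx:acmerecievers /var/lib/cloudflare
-echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
-echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
-echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
-${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
-chmod 0440 /var/lib/cloudflare/Credentials.ini
-chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
-'';
-resticCredentials = ''
+cloudflareCredentials = ''
+mkdir -p /var/lib/cloudflare
+chmod 0440 /var/lib/cloudflare
+chown nginx:acmerecievers /var/lib/cloudflare
+echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
+${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+chmod 0440 /var/lib/cloudflare/Credentials.ini
+chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
+''
+resticCredentials = ''
 mkdir -p /root/.config/rclone
 chmod 0400 /root/.config/rclone
 chown root:root /root/.config/rclone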
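Review bot: The `${sed} -i "s/REPLACEME/$(… ${jq} -r '.dns.apiKey')/g"` line kept in the new `cloudflareCredentials` script now also writes the deSEC token, and it still splices the secret unescaped into a sed expression: a token containing `/`, `&` or `\` is written corrupted or breaks the command, and the secret sits on sed's argument list while it runs. Credentials.ini is also created by `echo >` under the default umask and only restricted by the later `chmod 0440`, so the substituted token is briefly stored at the default file mode. Consider `umask 077` at the top of the script and letting jq do the substitution, e.g. `${jq} -r --arg t '${dnsCredentialsTemplate}' '.dns.apiKey as $k | $t | gsub("REPLACEME"; $k)' /etc/nixos/userdata/userdata.json > /var/lib/cloudflare/Credentials.ini`. Separately, as rendered here the closing `''` of the new `cloudflareCredentials` string has no `;` before `resticCredentials = ''`, which is worth confirming against the file.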