feat(dns): Add support for desec

pull/31/head
Inex Code 2023-05-09 12:37:14 +03:00 committed by Inex Code
parent c7385cb9ea
commit 0f064a8e71
1 changed files with 20 additions and 22 deletions


@ -1,6 +1,16 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
cfg = config.services.userdata; cfg = config.services.userdata;
dnsCredentialsTemplates = {
DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
CLOUDFLARE = ''
CF_API_KEY=REPLACEME
CLOUDFLARE_DNS_API_TOKEN=REPLACEME
CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
'';
DESEC = "DESEC_TOKEN=REPLACEME";
};
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
in in
{ {
systemd.tmpfiles.rules = systemd.tmpfiles.rules =
@ -37,28 +47,16 @@ in
rm -f /var/lib/nextcloud/db-pass rm -f /var/lib/nextcloud/db-pass
rm -f /var/lib/nextcloud/admin-pass rm -f /var/lib/nextcloud/admin-pass
''; '';
cloudflareCredentials = cloudflareCredentials = ''
if cfg.dns.provider == "DIGITALOCEAN" then '' mkdir -p /var/lib/cloudflare
mkdir -p /var/lib/cloudflare chmod 0440 /var/lib/cloudflare
chmod 0440 /var/lib/cloudflare chown nginx:acmerecievers /var/lib/cloudflare
chown nginx:acmerecievers /var/lib/cloudflare echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini chmod 0440 /var/lib/cloudflare/Credentials.ini
chmod 0440 /var/lib/cloudflare/Credentials.ini chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini ''
'' resticCredentials = ''
else ''
mkdir -p /var/lib/cloudflare
chmod 0440 /var/lib/cloudflare
chown nginx:acmerecievers /var/lib/cloudflare
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
chmod 0440 /var/lib/cloudflare/Credentials.ini
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
'';
resticCredentials = ''
mkdir -p /root/.config/rclone mkdir -p /root/.config/rclone
chmod 0400 /root/.config/rclone chmod 0400 /root/.config/rclone
chown root:root /root/.config/rclone chown root:root /root/.config/rclone
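Review bot: In the rewritten `cloudflareCredentials` script the API token is written into `Credentials.ini` before the file is restricted: `echo '${dnsCredentialsTemplate}' >` creates it with whatever umask the script inherits, and `chmod 0440` runs only after the `sed -i` that inserts the secret. The token is also expanded into the `sed` command line, where it can be read from the process list while the command runs, and a token containing `/`, `&` or `\` would be mangled by the `s/REPLACEME/…/g` expression. I would put `umask 0077` on the first line of the script and write the file in one step from the `jq` output instead of patching a template with `sed`. Separately, in the first hunk `dnsCredentialsTemplates.${cfg.dns.provider}` now aborts evaluation for any provider name missing from the set, where the old `else` branch fell back to the Cloudflare template; `dnsCredentialsTemplates.${cfg.dns.provider} or (throw "unsupported dns.provider")` would make that failure explicit. The attribute set that holds `cloudflareCredentials` begins and ends outside the hunk.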