From bc5778fdeabbcf4f9e1dd41bdd1b33a3aa920577 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Mon, 5 Jun 2023 15:45:07 +0300
Subject: [PATCH] feat(dns): Add support for DigitalOcean DNS and DeSEC DNS (#31)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: inexcode
Co-authored-by: NaiJi ✨
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/31
---
 files.nix | 14 +++++++++++---
 letsencrypt/acme.nix | 4 ++--
 2 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/files.nix b/files.nix
index 9283e17..44347d6 100644
--- a/files.nix
+++ b/files.nix
@@ -1,6 +1,16 @@
 { config, pkgs, ... }:
 let
 cfg = config.services.userdata;
+ dnsCredentialsTemplates = {
+ DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
+ CLOUDFLARE = ''
+ CF_API_KEY=REPLACEME
+ CLOUDFLARE_DNS_API_TOKEN=REPLACEME
+ CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
+ '';
+ DESEC = "DESEC_TOKEN=REPLACEME";
+ };
+ dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
 in
 {
 systemd.tmpfiles.rules =
@@ -41,9 +51,7 @@ in
 mkdir -p /var/lib/cloudflare
 chmod 0440 /var/lib/cloudflare
 chown nginx:acmerecievers /var/lib/cloudflare
- echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
- echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
- echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
+ echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
 ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
 chmod 0440 /var/lib/cloudflare/Credentials.ini
 chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
diff --git a/letsencrypt/acme.nix b/letsencrypt/acme.nix
index 892e762..fd8b3e4 100644
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
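Review bot: The lookup `dnsCredentialsTemplates.${cfg.dns.provider}` in the new `let` binding of files.nix has no fallback, so any value outside the three upper-case keys (a lower-case spelling, an unsupported provider) fails evaluation with a bare missing-attribute error rather than a message naming the bad setting. How `cfg.dns.provider` is declared and defaulted is not visible in this hunk, so it should be confirmed that installs whose userdata predates the field still evaluate. Failing closed is the right outcome for a credentials template; making it explicit would read `dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider} or (throw "unsupported dns.provider: ${cfg.dns.provider}");`.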
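Review bot: The token still reaches `Credentials.ini` through the `sed` substitution on the line after the new `echo` in the second files.nix hunk, which splices the raw `.dns.apiKey` value into a `/`-delimited replacement; this commit now sends DigitalOcean and deSEC tokens down that path as well. A value containing `/`, `&` or `\` would abort the substitution or write an altered secret, and the token is also present in the `sed` argument list while it runs. Letting `jq` do the fill-in avoids both, replacing the `echo` and `sed` lines with something like `${jq} -r --arg tpl '${dnsCredentialsTemplate}' '.dns.apiKey as $k | $tpl | split("REPLACEME") | join($k)' /etc/nixos/userdata/userdata.json > /var/lib/cloudflare/Credentials.ini`. The surrounding script begins and ends outside the hunk, so its quoting context should be checked before adopting this.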
@@ -17,13 +17,13 @@ in
 domain = "*.${cfg.domain}";
 extraDomainNames = [ "${cfg.domain}" ];
 group = "acmerecievers";
- dnsProvider = "cloudflare";
+ dnsProvider = lib.strings.toLower cfg.dns.provider;
 credentialsFile = "/var/lib/cloudflare/Credentials.ini";
 };
 "meet.${cfg.domain}" = {
 domain = "meet.${cfg.domain}";
 group = "acmerecievers";
- dnsProvider = "cloudflare";
+ dnsProvider = lib.strings.toLower cfg.dns.provider;
 credentialsFile = "/var/lib/cloudflare/Credentials.ini";
 };
 };
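Review bot: Both new `dnsProvider` lines derive the ACME client's provider code by lower-casing `cfg.dns.provider`, which holds only while every accepted provider name happens to equal its provider code; the list of accepted names lives in files.nix, not here. An explicit mapping keeps the two in step and rejects anything unexpected, e.g. `dnsProvider = { CLOUDFLARE = "cloudflare"; DIGITALOCEAN = "digitalocean"; DESEC = "desec"; }.${cfg.dns.provider};`. The module header is outside the hunk, so it is worth confirming that `lib` is among the function arguments. `credentialsFile` still points under `/var/lib/cloudflare/` for every provider, which deserves a comment such as `# path kept for compatibility; holds the credentials of whichever provider is selected`.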