From c7385cb9ea719a3ba121e1fda9b4cd85f719aa9f Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Mon, 6 Feb 2023 12:05:07 +0300
Subject: [PATCH 1/4] feat: Add Digital Ocean as a DNS provider
---
 files.nix | 32 +++++++++++++++++++++-----------
 letsencrypt/acme.nix | 4 ++--
 2 files changed, 23 insertions(+), 13 deletions(-)
diff --git a/files.nix b/files.nix
index 9283e17..348c818 100644
--- a/files.nix
+++ b/files.nix
@@ -37,17 +37,27 @@ in
 rm -f /var/lib/nextcloud/db-pass
 rm -f /var/lib/nextcloud/admin-pass
 '';
- cloudflareCredentials = ''
- mkdir -p /var/lib/cloudflare
- chmod 0440 /var/lib/cloudflare
- chown nginx:acmerecievers /var/lib/cloudflare
- echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
- echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
- echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
- ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
- chmod 0440 /var/lib/cloudflare/Credentials.ini
- chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
- '';
+ cloudflareCredentials =
+ if cfg.dns.provider == "DIGITALOCEAN" then ''
+ mkdir -p /var/lib/cloudflare
+ chmod 0440 /var/lib/cloudflare
+ chown nginx:acmerecievers /var/lib/cloudflare
+ echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini
+ ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+ chmod 0440 /var/lib/cloudflare/Credentials.ini
+ chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
+ ''
+ else ''
+ mkdir -p /var/lib/cloudflare
+ chmod 0440 /var/lib/cloudflare
+ chown nginx:acmerecievers /var/lib/cloudflare
+ echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
+ echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
+ echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
+ ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+ chmod 0440 /var/lib/cloudflare/Credentials.ini
+ chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
+ '';
 resticCredentials = ''
 mkdir -p /root/.config/rclone
 chmod 0400 /root/.config/rclone
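Review bot: The `${sed} -i "s/REPLACEME/$(… ${jq} -r '.dns.apiKey')/g"` line, kept in both the DIGITALOCEAN branch and the else branch, splices the raw API key into a sed replacement, so a key containing `/`, `&` or a backslash breaks or silently alters the substitution, and the expanded key sits on sed's command line where a process listing can show it while the command runs. Letting jq write the line directly avoids both, e.g. `${jq} -r '"DO_AUTH_TOKEN=" + .dns.apiKey' /etc/nixos/userdata/userdata.json > /var/lib/cloudflare/Credentials.ini`, with the same pattern for the three Cloudflare variables. The same sed line is carried into the rewritten `cloudflareCredentials` hunk of patch 2/4. The enclosing attribute set starts and ends outside this hunk.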
diff --git a/letsencrypt/acme.nix b/letsencrypt/acme.nix
index 892e762..fd8b3e4 100644
--- a/letsencrypt/acme.nix
+++ b/letsencrypt/acme.nix
@@ -17,13 +17,13 @@ in
 domain = "*.${cfg.domain}";
 extraDomainNames = [ "${cfg.domain}" ];
 group = "acmerecievers";
- dnsProvider = "cloudflare";
+ dnsProvider = lib.strings.toLower cfg.dns.provider;
 credentialsFile = "/var/lib/cloudflare/Credentials.ini";
 };
 "meet.${cfg.domain}" = {
 domain = "meet.${cfg.domain}";
 group = "acmerecievers";
- dnsProvider = "cloudflare";
+ dnsProvider = lib.strings.toLower cfg.dns.provider;
 credentialsFile = "/var/lib/cloudflare/Credentials.ini";
 };
 };
-- 
2.42.0
From 0f064a8e719d0f83d71fe99e1f5aa4aa8a0763d2 Mon Sep 17 00:00:00 2001
From: inexcode
Date: Tue, 9 May 2023 12:37:14 +0300
Subject: [PATCH 2/4] feat(dns): Add support for desec
---
 files.nix | 42 ++++++++++++++++++++----------------------
 1 file changed, 20 insertions(+), 22 deletions(-)
diff --git a/files.nix b/files.nix
index 348c818..1e3d666 100644
--- a/files.nix
+++ b/files.nix
@@ -1,6 +1,16 @@
 { config, pkgs, ... }:
 let
 cfg = config.services.userdata;
+ dnsCredentialsTemplates = {
+ DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
+ CLOUDFLARE = ''
+ CF_API_KEY=REPLACEME
+ CLOUDFLARE_DNS_API_TOKEN=REPLACEME
+ CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
+ '';
+ DESEC = "DESEC_TOKEN=REPLACEME";
+ };
+ dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
 in
 {
 systemd.tmpfiles.rules =
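Review bot: In letsencrypt/acme.nix both `dnsProvider = lib.strings.toLower cfg.dns.provider;` lines pass the userdata value straight through, while files.nix in this same commit (1/4) writes Cloudflare variables for every value other than "DIGITALOCEAN". Unless the option type already restricts it, a misspelled or unsupported provider would pair a Cloudflare-format credentials file with a different provider name and only fail at certificate issuance; an evaluation-time check such as `assert builtins.elem cfg.dns.provider [ "CLOUDFLARE" "DIGITALOCEAN" ];` would surface it earlier. The module's argument list is outside the hunk, so confirm that `lib` is among its arguments.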
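Review bot: `dnsCredentialsTemplates.${cfg.dns.provider}` in the new `let` bindings of files.nix (patch 2/4) aborts evaluation with a bare missing-attribute error when the provider is not one of the three keys. Failing closed is the right outcome, but the message gives the operator nothing to act on; `dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider} or (throw "Unsupported DNS provider: ${cfg.dns.provider}");` names the bad value. A short comment above the table would also help, stating that each key must lower-case to the `dnsProvider` name used in letsencrypt/acme.nix and that the variable names are presumably the ones that provider's ACME DNS plugin reads.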
@@ -37,28 +47,16 @@ in rm -f /var/lib/nextcloud/db-pass rm -f /var/lib/nextcloud/admin-pass ''; - cloudflareCredentials = - if cfg.dns.provider == "DIGITALOCEAN" then '' - mkdir -p /var/lib/cloudflare - chmod 0440 /var/lib/cloudflare - chown nginx:acmerecievers /var/lib/cloudflare - echo 'DO_AUTH_TOKEN=REPLACEME' > /var/lib/cloudflare/Credentials.ini - ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini - chmod 0440 /var/lib/cloudflare/Credentials.ini - chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini - '' - else '' - mkdir -p /var/lib/cloudflare - chmod 0440 /var/lib/cloudflare - chown nginx:acmerecievers /var/lib/cloudflare - echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini - echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini - echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini - ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini - chmod 0440 /var/lib/cloudflare/Credentials.ini - chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini - ''; - resticCredentials = '' + cloudflareCredentials = '' + mkdir -p /var/lib/cloudflare + chmod 0440 /var/lib/cloudflare + chown nginx:acmerecievers /var/lib/cloudflare + echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini + ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini + chmod 0440 /var/lib/cloudflare/Credentials.ini + chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini + '' + resticCredentials = '' mkdir -p /root/.config/rclone chmod 0400 /root/.config/rclone chown root:root /root/.config/rclone -- 2.42.0 From 2bd30004b5ff049166103fe3260a64b95ad5f1e8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?NaiJi=20=E2=9C=A8?=
Date: Mon, 15 May 2023 13:44:32 +0300
Subject: [PATCH 3/4] Update 'files.nix'
---
 files.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files.nix b/files.nix
index 1e3d666..8147ee0 100644
--- a/files.nix
+++ b/files.nix
@@ -55,7 +55,7 @@ in
 ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
 chmod 0440 /var/lib/cloudflare/Credentials.ini
 chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
- ''
+ '';
 resticCredentials = ''
 mkdir -p /root/.config/rclone
 chmod 0400 /root/.config/rclone
-- 
2.42.0
From 7841c28e2ee9332501bae51f9b855d2f8b654c5b Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Mon, 5 Jun 2023 15:43:36 +0300
Subject: [PATCH 4/4] style: fix formatting
---
 files.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/files.nix b/files.nix
index 8147ee0..44347d6 100644
--- a/files.nix
+++ b/files.nix
@@ -56,7 +56,7 @@ in
 chmod 0440 /var/lib/cloudflare/Credentials.ini
 chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
 '';
- resticCredentials = ''
+ resticCredentials = ''
 mkdir -p /root/.config/rclone
 chmod 0400 /root/.config/rclone
 chown root:root /root/.config/rclone
-- 
2.42.0