From 63bb533058c0af0e2db51eb1525bc6179dd2286b Mon Sep 17 00:00:00 2001
From: Houkime
Date: Mon, 31 Oct 2022 21:08:19 +0200
Subject: [PATCH] migrate to new dns, vps provider and backup json storage
---
 configuration.nix | 2 +-
 files.nix | 6 +++---
 letsencrypt/acme.nix | 2 +-
 variables-module.nix | 10 ++++++++++
 variables.nix | 4 ++++
 5 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index 70c1263..bdb62fa 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }:
 let
- url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/master.tar.gz";
+ url-overlay = "https://git.selfprivacy.org/houkime/selfprivacy-nix-repo/archive/master.tar.gz";
 nix-overlay = (import (builtins.fetchTarball url-overlay));
 in
 {
diff --git a/files.nix b/files.nix
index b3b2b74..37056f5 100644
--- a/files.nix
+++ b/files.nix
@@ -43,7 +43,7 @@ in
 echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
 echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
 echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
- ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.cloudflare.apiKey')/g" /var/lib/cloudflare/Credentials.ini
+ ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
 chmod 0440 /var/lib/cloudflare/Credentials.ini
 chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
 '';
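Review bot: The new `url-overlay` points the system overlay at a personal namespace (`houkime/...`) and still tracks the mutable `master` archive, so every rebuild imports and evaluates whatever that branch holds at fetch time. The `builtins.fetchTarball url-overlay` call on the following context line passes no hash, so nothing verifies the fetched content. If this fork is only for testing the migration, the URL should go back to the organisation repository before merge; either way, pin a commit archive and a hash, e.g. `builtins.fetchTarball { url = url-overlay; sha256 = "<sha256-of-pinned-archive>"; }`.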
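Review bot: The new `jq -r '.dns.apiKey'` lookup prints the literal string `null` when `userdata.json` has not been migrated to the new layout, and the `sed` line then writes `null` into `Credentials.ini` without any error; the `.backup.accountId` and `.backup.accountKey` substitutions in the second files.nix hunk behave the same way. Reading the value first and failing loudly would surface an un-migrated file at activation time rather than at the next certificate renewal, e.g. `key=$(${jq} -er '.dns.apiKey' /etc/nixos/userdata/userdata.json) || exit 1`. The secret is also interpolated into the `sed` expression, so a key containing `/` or `&` corrupts the substitution and the value is visible in the process arguments while `sed` runs; writing the file directly from the variable avoids both. The enclosing script starts and ends outside the hunk.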
@@ -56,8 +56,8 @@ in echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf - ${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountId')/g" /root/.config/rclone/rclone.conf - ${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountKey')/g" /root/.config/rclone/rclone.conf + ${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountId')/g" /root/.config/rclone/rclone.conf + ${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountKey')/g" /root/.config/rclone/rclone.conf chmod 0400 /root/.config/rclone/rclone.conf chown root:root /root/.config/rclone/rclone.conf diff --git a/letsencrypt/acme.nix b/letsencrypt/acme.nix index ea2467e..b3525d5 100644 --- a/letsencrypt/acme.nix +++ b/letsencrypt/acme.nix @@ -14,7 +14,7 @@ in domain = "*.${cfg.domain}"; extraDomainNames = [ "${cfg.domain}" ]; group = "acmerecievers"; - dnsProvider = "cloudflare"; + dnsProvider = if cfg.dns.provider == "CLOUDFLARE" then "cloudflare" else abort "unknown DNS provider ${cfg.dns.provider}"; credentialsFile = "/var/lib/cloudflare/Credentials.ini"; }; "meet.${cfg.domain}" = { diff --git a/variables-module.nix b/variables-module.nix index 43bc7fd..cc1350b 100644 --- a/variables-module.nix +++ b/variables-module.nix @@ -63,6 +63,16 @@ in type = types.nullOr (types.listOf types.str); default = [ ]; }; + dns = { + provider = mkOption { + description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE"; + type = types.nullOr types.str; + }; + apiKey = mkOption { + description = "A key to DNS provider's API, used for setting up domain and SSL"; + type = types.nullOr types.str; + }; + }; ############### # API options # ############### diff --git a/variables.nix b/variables.nix index 6651999..275f6cc 100644 --- a/variables.nix +++ b/variables.nix 
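Review bot: `abort` in the `else` branch of the new `dnsProvider` line stops the whole system evaluation, and per the variables.nix hunk `dns.provider` falls back to `""` when the key is missing from the JSON, so a host whose userdata has not been migrated can no longer rebuild and the message ends in an empty provider name. The option is also declared `types.nullOr types.str`, and a `null` value would fail on the string interpolation inside the `abort` message instead of printing it. Declaring the option as `types.enum [ "CLOUDFLARE" ]` lets the module system reject bad values with an error that names the option, and a fallback such as `attrByPath [ "dns" "provider" ] "CLOUDFLARE" jsonData` would keep existing installs working if that is the intended default. The attribute set this line belongs to opens above the hunk.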
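Review bot: Declaring `dns.apiKey` as a module option brings the DNS API token into Nix evaluation, where any later `${cfg.dns.apiKey}` interpolation into a derivation or generated file would copy it into the world-readable `/nix/store`. The only consumer visible in this patch, files.nix, reads the key from `userdata.json` at run time, so the option looks unnecessary; if it has to stay, its description should carry the constraint, e.g. `description = "DNS provider API key. Secret: never interpolate into store paths; read it from userdata.json at activation time.";`. Separately, the `provider` description says "Default is ClOUDFLARE" but no `default` is declared, and the casing is a typo.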
@@ -18,6 +18,10 @@ in
 enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
 skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
 };
+ dns = {
+ provider = lib.attrsets.attrByPath["dns" "provider"] "" jsonData;
+ apiKey = lib.attrsets.attrByPath["dns" "apiKey"] "" jsonData;
+ };
 backblaze = {
 bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
 };
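Review bot: The `backblaze.bucket` context line still reads the `backblaze` section, while files.nix in this same patch now takes the account id and key from `.backup`; if the new JSON layout moves the whole section, `bucket` silently evaluates to `""` and backups would be configured with an empty bucket name. The lookup should follow the renamed section, e.g. `bucket = lib.attrsets.attrByPath [ "backup" "bucket" ] "" jsonData;`, or the commit message should state that `bucket` stays under `backblaze`. The two added `attrByPath["dns" ...]` calls also drop the space and bracket padding used by the surrounding lines. The enclosing attribute set starts and ends outside the hunk.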