migrate to new dns, vps provider and backup json storage
parent
53c9655b7b
commit
63bb533058
|
@ -1,6 +1,6 @@
|
||||||
{ config, pkgs, lib, ... }:
|
{ config, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
url-overlay = "https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nix-repo/archive/master.tar.gz";
|
url-overlay = "https://git.selfprivacy.org/houkime/selfprivacy-nix-repo/archive/master.tar.gz";
|
||||||
nix-overlay = (import (builtins.fetchTarball url-overlay));
|
nix-overlay = (import (builtins.fetchTarball url-overlay));
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
|
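Review bot: The overlay is now imported from a personal fork (`houkime/selfprivacy-nix-repo`) at the moving `master` archive, and `builtins.fetchTarball url-overlay` carries no hash, so whatever that branch holds at evaluation time is evaluated as part of the system configuration. Pin it to a commit archive and a hash, e.g. `nix-overlay = import (builtins.fetchTarball { url = url-overlay; sha256 = "<hash of the pinned archive>"; });`, and point `url-overlay` back at the organisation repository before merging if the fork was only meant for testing. The unpinned fetch predates this commit; the change of owner is what makes it worth fixing here.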
@ -43,7 +43,7 @@ in
|
||||||
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
|
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini
|
||||||
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||||
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
|
||||||
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.cloudflare.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
|
||||||
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
chmod 0440 /var/lib/cloudflare/Credentials.ini
|
||||||
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
|
||||||
'';
|
'';
|
||||||
|
@ -56,8 +56,8 @@ in
|
||||||
echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf
|
echo 'account = REPLACEME1' >> /root/.config/rclone/rclone.conf
|
||||||
echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf
|
echo 'key = REPLACEME2' >> /root/.config/rclone/rclone.conf
|
||||||
|
|
||||||
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountId')/g" /root/.config/rclone/rclone.conf
|
${sed} -i "s/REPLACEME1/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountId')/g" /root/.config/rclone/rclone.conf
|
||||||
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backblaze.accountKey')/g" /root/.config/rclone/rclone.conf
|
${sed} -i "s/REPLACEME2/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.backup.accountKey')/g" /root/.config/rclone/rclone.conf
|
||||||
|
|
||||||
chmod 0400 /root/.config/rclone/rclone.conf
|
chmod 0400 /root/.config/rclone/rclone.conf
|
||||||
chown root:root /root/.config/rclone/rclone.conf
|
chown root:root /root/.config/rclone/rclone.conf
|
||||||
|
|
|
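Review bot: The renamed lookups `.dns.apiKey`, `.backup.accountId` and `.backup.accountKey` have no check for a missing key: `jq -r` prints the string `null` when the path is absent, so a host whose userdata.json still uses the old `cloudflare`/`backblaze` names would get `null` written into Credentials.ini and rclone.conf without any error. Reading each value first with `${jq} -re '.dns.apiKey' /etc/nixos/userdata/userdata.json` and stopping the script when that fails would surface the problem. The value is also spliced into the sed expression, so a key containing `/` or `&` corrupts the substitution and the secret appears in the sed process arguments while it runs; writing the file directly from jq output avoids both. Both scripts start and end outside these hunks, so whether the JSON is migrated before they run is not visible here.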
@ -14,7 +14,7 @@ in
|
||||||
domain = "*.${cfg.domain}";
|
domain = "*.${cfg.domain}";
|
||||||
extraDomainNames = [ "${cfg.domain}" ];
|
extraDomainNames = [ "${cfg.domain}" ];
|
||||||
group = "acmerecievers";
|
group = "acmerecievers";
|
||||||
dnsProvider = "cloudflare";
|
dnsProvider = if cfg.dns.provider == "CLOUDFLARE" then "cloudflare" else abort "unknown DNS provider ${cfg.dns.provider}";
|
||||||
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
credentialsFile = "/var/lib/cloudflare/Credentials.ini";
|
||||||
};
|
};
|
||||||
"meet.${cfg.domain}" = {
|
"meet.${cfg.domain}" = {
|
||||||
|
|
|
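Review bot: `dnsProvider` now aborts evaluation for every value other than `"CLOUDFLARE"`, and the variables file on this page defaults `dns.provider` to `""` when the key is absent, so a host with an un-migrated userdata.json would fail to evaluate its whole configuration, which also blocks any rebuild that would deliver updates. If failing closed is intended, an `assertions` entry such as `{ assertion = cfg.dns.provider == "CLOUDFLARE"; message = "unknown DNS provider"; }` reports it through the module system instead of `abort`. Note also that the option type is `types.nullOr types.str`, and interpolating `${cfg.dns.provider}` when it is null fails with a coercion error rather than this message. The certificate block continues outside the hunk.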
@ -63,6 +63,16 @@ in
|
||||||
type = types.nullOr (types.listOf types.str);
|
type = types.nullOr (types.listOf types.str);
|
||||||
default = [ ];
|
default = [ ];
|
||||||
};
|
};
|
||||||
|
dns = {
|
||||||
|
provider = mkOption {
|
||||||
|
description = "DNS provider that was defined at the initial setup process. Default is ClOUDFLARE";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
apiKey = mkOption {
|
||||||
|
description = "A key to DNS provider's API, used for setting up domain and SSL";
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
};
|
||||||
|
};
|
||||||
###############
|
###############
|
||||||
# API options #
|
# API options #
|
||||||
###############
|
###############
|
||||||
|
|
|
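Review bot: `dns.apiKey` is declared as a plain `types.nullOr types.str` option, so the DNS API token becomes part of the evaluated configuration, and anything that later interpolates `cfg.dns.apiKey` into a generated file or unit would copy it into the world-readable /nix/store. No such use is visible in this commit (the credentials file is filled from userdata.json at run time), so the description should state the constraint, e.g. `description = "DNS provider API key. Do not reference it in anything that ends up in the Nix store; read it from userdata.json at run time.";`. The `provider` description also says "Default is ClOUDFLARE" but no `default` is declared, so either add one or drop that sentence.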
@ -18,6 +18,10 @@ in
|
||||||
enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
|
enableSwagger = lib.attrsets.attrByPath [ "api" "enableSwagger" ] false jsonData;
|
||||||
skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
|
skippedMigrations = lib.attrsets.attrByPath [ "api" "skippedMigrations" ] [ ] jsonData;
|
||||||
};
|
};
|
||||||
|
dns = {
|
||||||
|
provider = lib.attrsets.attrByPath["dns" "provider"] "" jsonData;
|
||||||
|
apiKey = lib.attrsets.attrByPath["dns" "apiKey"] "" jsonData;
|
||||||
|
};
|
||||||
backblaze = {
|
backblaze = {
|
||||||
bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
|
bucket = lib.attrsets.attrByPath [ "backblaze" "bucket" ] "" jsonData;
|
||||||
};
|
};
|
||||||
|
|
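Review bot: The `backblaze.bucket` lookup just below the new `dns` block still reads `[ "backblaze" "bucket" ]`, while the rclone credentials elsewhere in this commit now come from `.backup.accountId` and `.backup.accountKey`. If the migration renames the whole `backblaze` object to `backup` in userdata.json (not visible here), `bucket` silently falls back to `""`. Either read the new path with a fallback to the old one, or add a comment such as `# bucket stays under "backblaze" until <migration name> moves it` so the split is clearly deliberate. The attribute set continues outside the hunk.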