feat(dns): Add support for DigitalOcean DNS and DeSEC DNS (#31)

Co-authored-by: inexcode <inex.code@selfprivacy.org>
Co-authored-by: NaiJi  <naiji@udongein.xyz>
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/31
Inex Code 2023-06-05 15:45:07 +03:00
parent 8d99d1c78a
commit bc5778fdea
2 changed files with 13 additions and 5 deletions


@ -1,6 +1,16 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
let let
cfg = config.services.userdata; cfg = config.services.userdata;
dnsCredentialsTemplates = {
DIGITALOCEAN = "DO_AUTH_TOKEN=REPLACEME";
CLOUDFLARE = ''
CF_API_KEY=REPLACEME
CLOUDFLARE_DNS_API_TOKEN=REPLACEME
CLOUDFLARE_ZONE_API_TOKEN=REPLACEME
'';
DESEC = "DESEC_TOKEN=REPLACEME";
};
dnsCredentialsTemplate = dnsCredentialsTemplates.${cfg.dns.provider};
in in
{ {
systemd.tmpfiles.rules = systemd.tmpfiles.rules =
@ -41,9 +51,7 @@ in
mkdir -p /var/lib/cloudflare mkdir -p /var/lib/cloudflare
chmod 0440 /var/lib/cloudflare chmod 0440 /var/lib/cloudflare
chown nginx:acmerecievers /var/lib/cloudflare chown nginx:acmerecievers /var/lib/cloudflare
echo 'CF_API_KEY=REPLACEME' > /var/lib/cloudflare/Credentials.ini echo '${dnsCredentialsTemplate}' > /var/lib/cloudflare/Credentials.ini
echo 'CLOUDFLARE_DNS_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
echo 'CLOUDFLARE_ZONE_API_TOKEN=REPLACEME' >> /var/lib/cloudflare/Credentials.ini
${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini ${sed} -i "s/REPLACEME/$(cat /etc/nixos/userdata/userdata.json | ${jq} -r '.dns.apiKey')/g" /var/lib/cloudflare/Credentials.ini
chmod 0440 /var/lib/cloudflare/Credentials.ini chmod 0440 /var/lib/cloudflare/Credentials.ini
chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini chown nginx:acmerecievers /var/lib/cloudflare/Credentials.ini
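Review bot: The provider token still reaches the credentials file through the `sed -i "s/REPLACEME/$(…)/g"` line kept below the new `echo '${dnsCredentialsTemplate}'`, so the secret is expanded into sed's argument list, where it is readable from the process table while the command runs. It is also interpreted as a sed replacement, so a `/`, `&` or `\` in a token would break or alter the result. Now that tokens for three providers pass through this line, consider having jq emit the `NAME=value` lines and redirecting its output, e.g. `${jq} -r '"DESEC_TOKEN=\(.dns.apiKey)"' /etc/nixos/userdata/userdata.json > /var/lib/cloudflare/Credentials.ini` for a one-variable provider. Separately, `dnsCredentialsTemplates.${cfg.dns.provider}` in the first hunk aborts evaluation with a missing-attribute error for any value outside the three keys; whether `cfg.dns.provider` is constrained or defaulted elsewhere is not visible here. The surrounding script starts and ends outside the hunk.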


@ -17,13 +17,13 @@ in
domain = "*.${cfg.domain}"; domain = "*.${cfg.domain}";
extraDomainNames = [ "${cfg.domain}" ]; extraDomainNames = [ "${cfg.domain}" ];
group = "acmerecievers"; group = "acmerecievers";
dnsProvider = "cloudflare"; dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = "/var/lib/cloudflare/Credentials.ini"; credentialsFile = "/var/lib/cloudflare/Credentials.ini";
}; };
"meet.${cfg.domain}" = { "meet.${cfg.domain}" = {
domain = "meet.${cfg.domain}"; domain = "meet.${cfg.domain}";
group = "acmerecievers"; group = "acmerecievers";
dnsProvider = "cloudflare"; dnsProvider = lib.strings.toLower cfg.dns.provider;
credentialsFile = "/var/lib/cloudflare/Credentials.ini"; credentialsFile = "/var/lib/cloudflare/Credentials.ini";
}; };
}; };
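Review bot: `lib.strings.toLower cfg.dns.provider` is written out in both certificate entries, and the `credentialsFile` beside it still points at `/var/lib/cloudflare/Credentials.ini` although it now carries the token of whichever provider is selected. I would bind the value once in the file's `let` block, e.g. `acmeDnsProvider = lib.strings.toLower cfg.dns.provider;`, and add a comment such as `# path name is historical; holds the token for cfg.dns.provider` so nobody assumes the file is Cloudflare-only when auditing secrets. The file's argument list is outside the hunk, so confirm that `lib` is in scope there; the other file in this commit takes only `{ config, pkgs, ... }`.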