Platform 23.11 #96

Merged
max merged 47 commits from platform-23.11 into master 2023-12-05 01:59:28 +02:00
Showing only changes of commit bfd7a4214c - Show all commits

View file

@ -1,10 +1,45 @@
{ cluster, config, pkgs, ... }: { cluster, config, depot, lib, pkgs, ... }:
let
authoritativeServers = map
(node: cluster.config.hostLinks.${node}.dnsAuthoritative.tuple)
cluster.config.services.dns.nodes.authoritative;
execScript = pkgs.writeShellScript "acme-dns-exec" ''
action="$1"
subdomain="''${2%.${depot.lib.meta.domain}.}"
key="$3"
umask 77
source "$EXEC_ENV_FILE"
headersFile="$(mktemp)"
echo "X-Direct-Key: $ACME_DNS_DIRECT_STATIC_KEY" > "$headersFile"
case "$action" in
present)
for i in {1..5}; do
${pkgs.curl}/bin/curl -X POST -s -f -H "@$headersFile" \
"${cluster.config.links.acmeDnsApi.url}/update" \
--data '{"subdomain":"'"$subdomain"'","txt":"'"$key"'"}' && break
sleep 5
done
;;
esac
'';
in
{ {
age.secrets.pdns-api-key-acme = cluster.config.vars.pdns-api-key-secret // { owner = "acme"; }; age.secrets.acmeDnsApiKey = {
file = ../dns/acme-dns-direct-key.age;
owner = "acme";
};
security.acme.defaults.credentialsFile = pkgs.writeText "acme-pdns-credentials" '' security.acme.defaults = {
PDNS_API_URL=${cluster.config.links.powerdns-api.url} extraLegoFlags = lib.flatten [
PDNS_API_KEY_FILE=${config.age.secrets.pdns-api-key-acme.path} (map (x: [ "--dns.resolvers" x ]) authoritativeServers)
''; "--dns-timeout" "30"
];
credentialsFile = pkgs.writeText "acme-exec-config" ''
EXEC_PATH=${execScript}
EXEC_ENV_FILE=${config.age.secrets.acmeDnsApiKey.path}
'';
};
} }