-
-
Notifications
You must be signed in to change notification settings - Fork 13.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/cfdyndns: add option to use CF token #253728
Conversation
766c4ad
to
a010adc
Compare
a010adc
to
7e2d28c
Compare
CLOUDFLARE_RECORDS="${concatStringsSep "," cfg.records}"; | ||
}; | ||
script = '' | ||
${optionalString (cfg.apikeyFile != null) '' | ||
export CLOUDFLARE_APIKEY="$(cat ${escapeShellArg cfg.apikeyFile})" | ||
export CLOUDFLARE_EMAIL="${cfg.email}" | ||
''} | ||
${optionalString (cfg.apiTokenFile != null) '' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What will be used if both apikeyFile
and apiTokenFile
are set? Should we add an assertion to make sure only one of them is set to reduce confusing?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Well it depends on the implementation. In the current package in nixpkgs, the Rust binary prefers the api key, email combo, and will use it if both are present. In my recent refactor, the opposite is true and the token is prefered.
Either way, it won't hurt anything and nothing will break, but perhaps an assert would be a nicety; by no means essential though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This isn't quite true, it will prefer the APITOKEN: https://github.com/colemickens/cfdyndns/blob/31d576a3700989fe7533081b238154289eab84e2/src/main.rs#L42-L55
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah did you change that recently or am I just going senile 😅
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am jetlagged, and I don't want to call you senile... but... according to the blame, it was at least 2 years ago 😄 https://github.com/colemickens/cfdyndns/blame/31d576a3700989fe7533081b238154289eab84e2/src/main.rs#L42-L55
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think my question is, why did I implement it in cfdyndns
and then never make it usable in the module here? Who knows....
LGTM, I'll merge soon unless someone else protests and thinks the assert is necessary. |
hey, it looked like that PR was ready to merge, so I went ahead, I hope it's fine by everyone. |
also small thing I just noticed looking at this module. Perhaps we should run it as a DynamicUser ? |
Description of changes
Adds an option to set a file path containing a cloudflare API token, instead of using an api key/email combo
Things done
sandbox = true
set innix.conf
? (See Nix manual)nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD"
. Note: all changes have to be committed, also see nixpkgs-review usage./result/bin/
)