pyrox.dev / nixpkgs
lol
fork atom

services(cloudflare-dyndns): use new `CLOUDFLARE_API_TOKEN_FILE` setting (#401634)

Yt ae0f2bc1 e5caadfb

options
unified split
Changed files
+3 -2
nixos
modules
services
networking
cloudflare-dyndns.nix
+3 -2
nixos/modules/services/networking/cloudflare-dyndns.nix 
···

       
108

       
 

       
              ++ lib.optional cfg.proxied "--proxied";


     

       
109

       
 

       
          in


     

       
110

       
 

       
          ''


     

       
111

       
-

       
            export CLOUDFLARE_API_TOKEN=$(< "''${CREDENTIALS_DIRECTORY}/apiToken")


     

       
112

       
 

       



     

       
113

       
 

       
            # Added 2025-03-10: `cfg.apiTokenFile` used to be passed as an


     

       
114

       
 

       
            # `EnvironmentFile` to the service, which required it to be of


     

       
115

       
 

       
            # the form "CLOUDFLARE_API_TOKEN=" rather than just the secret.


     

       
116

       
 

       
            # If we detect this legacy usage, error out.


     

       
117

       
-

       
            if [[ $CLOUDFLARE_API_TOKEN == CLOUDFLARE_API_TOKEN* ]]; then


     

       

       

       
     

       
118

       
 

       
              echo "Error: your api token starts with 'CLOUDFLARE_API_TOKEN='. Remove that, and instead specify just the token." >&2


     

       
119

       
 

       
              exit 1


     

       
120

       
 

       
            fi


     
···

       
108

       
 

       
              ++ lib.optional cfg.proxied "--proxied";


     

       
109

       
 

       
          in


     

       
110

       
 

       
          ''


     

       
111

       
+

       
            export CLOUDFLARE_API_TOKEN_FILE=''${CREDENTIALS_DIRECTORY}/apiToken


     

       
112

       
 

       



     

       
113

       
 

       
            # Added 2025-03-10: `cfg.apiTokenFile` used to be passed as an


     

       
114

       
 

       
            # `EnvironmentFile` to the service, which required it to be of


     

       
115

       
 

       
            # the form "CLOUDFLARE_API_TOKEN=" rather than just the secret.


     

       
116

       
 

       
            # If we detect this legacy usage, error out.


     

       
117

       
+

       
            token=$(< "''${CLOUDFLARE_API_TOKEN_FILE}")


     

       
118

       
+

       
            if [[ $token == CLOUDFLARE_API_TOKEN* ]]; then


     

       
119

       
 

       
              echo "Error: your api token starts with 'CLOUDFLARE_API_TOKEN='. Remove that, and instead specify just the token." >&2


     

       
120

       
 

       
              exit 1


     

       
121

       
 

       
            fi