diff --git a/nix-system-configs/modules/system/traefik.nix b/nix-system-configs/modules/system/traefik.nix
index d5e8764..fdcc0c9 100644
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@@ -644,21 +644,28 @@ in {
 ${pkgs.util-linux}/bin/logger -s "DDNS Updater: No zone_identifier arg provided; using zone_identifier env: '$zone_identifier'"
 fi
+ # If auth_email/auth_key were passed as the 3rd/4th arguments, use them (wrapper now passes them)
+ if [ -n "$3" ]; then
+ auth_email="$3"
+ ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Using auth_email from arg: '$auth_email'"
+ else
+ ${pkgs.util-linux}/bin/logger -s "DDNS Updater: No auth_email arg provided; using auth_email env: '$auth_email'"
+ fi
+
+ if [ -n "$4" ]; then
+ auth_key="$4"
+ # avoid printing the key itself to logs; show length instead
+ ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Using auth_key from arg (length=''${#auth_key})"
+ else
+ ${pkgs.util-linux}/bin/logger -s "DDNS Updater: No auth_key arg provided; using auth_key env (length=''${#auth_key})"
+ fi
+
 # Fail fast if we still don't have a zone identifier
 if [ -z "$zone_identifier" ]; then
 ${pkgs.util-linux}/bin/logger -s "DDNS Updater: zone_identifier is empty — cannot proceed (invalid zone)."
 exit 2
 fi
- # Debug: log auth status
- ${pkgs.util-linux}/bin/logger -s "DDNS Updater: auth_key length: ''${#auth_key}, auth_email: '$auth_email', auth_method: '$auth_method'"
-
- # Fail fast if we don't have auth credentials
- if [ -z "$auth_key" ]; then
- ${pkgs.util-linux}/bin/logger -s "DDNS Updater: auth_key is empty — cannot authenticate with Cloudflare."
- exit 2
- fi
-
 ###########################################
 ## Check and set the proper auth header
 ###########################################
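Review bot: Reading the Cloudflare key from `$4` requires the wrapper to put it on the command line (the call in the last hunk of this file passes `"$auth_key"`), where it is typically readable by other local users through the process list while the script runs. The wrapper already exports `auth_key` and `auth_email`, so the `$3`/`$4` branches are not needed; calling `update-single.sh "$record_name" "$zone_identifier"` and using the environment values keeps the token off argv. The hunk also drops the empty-key guard, so a missing token is no longer caught before the API request; `if [ -z "$auth_key" ]; then exit 2; fi` after the zone check would keep that. The script body starts and ends outside the hunk.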
@@ -678,9 +685,6 @@ in {
 -H "''$auth_header ''$auth_key" \
 -H "Content-Type: application/json")
- # Debug: log first 200 chars of response
- ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Record fetch response (first 200 chars): ''${record:0:200}"
-
 ###########################################
 ## Check if the domain has an A record
 ###########################################
@@ -689,12 +693,6 @@ in {
 exit 1
 fi
- # Check if the API returned an error
- if [[ $record == *"\\"success\\":false"* ]]; then
- ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Cloudflare API returned error: $record"
- exit 1
- fi
-
 ###########################################
 ## Get existing IP
 ###########################################
@@ -710,14 +708,6 @@ in {
 ###########################################
 record_identifier=$(echo "$record" | sed -E 's/.*"id":"([A-Za-z0-9_]+)".*/\\1/')
- # Fail fast if we couldn't extract the record ID
- if [ -z "$record_identifier" ] || [[ $record_identifier == *"{"* ]]; then
- ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Failed to extract record_identifier from response. Got: '$record_identifier'"
- exit 1
- fi
-
- ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Using record_identifier: '$record_identifier'"
-
 ###########################################
 ## Change the IP@Cloudflare using the API
 ###########################################
@@ -740,18 +730,18 @@ in {
 ${pkgs.curl}/bin/curl -L -X POST "''${slackuri}" --data-raw "{\"channel\":\"''${slackchannel}\",\"text\":\"''${msg}\"}"
 fi
 if [[ $discorduri != "" ]]; then
- msg="$${sitename} DDNS Update Failed: $${record_name}: $${record_identifier} ($${CURRENT_IP})."
- ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"$${msg}\"}" "$${discorduri}"
+ msg="''${sitename} DDNS Update Failed: ''${record_name}: ''${record_identifier} (''${CURRENT_IP})."
+ ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"''${msg}\"}" "''${discorduri}"
 fi
 exit 1;;
 *)
- msg="$${sitename} Updated: $${record_name}'s new IP Address is $${CURRENT_IP}"
- ${pkgs.util-linux}/bin/logger "DDNS Updater: $${CURRENT_IP} $${record_name} DDNS updated."
+ msg="''${sitename} Updated: ''${record_name}'s new IP Address is ''${CURRENT_IP}"
+ ${pkgs.util-linux}/bin/logger "DDNS Updater: ''${CURRENT_IP} ''${record_name} DDNS updated."
 if [[ $slackuri != "" ]]; then
- ${pkgs.curl}/bin/curl -L -X POST "$${slackuri}" --data-raw "{\"channel\":\"$${slackchannel}\",\"text\":\"$${msg}\"}"
+ ${pkgs.curl}/bin/curl -L -X POST "''${slackuri}" --data-raw "{\"channel\":\"''${slackchannel}\",\"text\":\"''${msg}\"}"
 fi
 if [[ $discorduri != "" ]]; then
- ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"$${msg}\"}" "$${discorduri}"
+ ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"''${msg}\"}" "''${discorduri}"
 fi
 exit 0;;
 esac
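Review bot: `''${record_identifier}` goes into the Discord failure message unescaped, inside `--data-raw "{\"content\":\"''${msg}\"}"`, and an earlier hunk of this commit removes the check that rejected a `record_identifier` containing `{`. Because `sed` prints its input unchanged when the `"id"` pattern does not match, the variable can then hold the whole Cloudflare response, which breaks the JSON body or puts response content into the webhook message. Validating the ID before it is used, for example `[[ $record_identifier =~ ^[A-Za-z0-9_]+$ ]] || exit 1`, keeps the payload well formed. The `case` block this sits in starts outside the hunk.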
@@ -768,44 +758,23 @@ in {
 # Wrapper: source env, map tokens, loop declared records and call the upstream single-run script
 if [ -f "${envFile}" ]; then
- echo "DEBUG: Sourcing environment file: ${envFile}" >&2
 # shellcheck disable=SC1090
 source "${envFile}"
- echo "DEBUG: After sourcing - CLOUDFLARE_DNS_API_TOKEN length: ''${#CLOUDFLARE_DNS_API_TOKEN:-0}, CLOUDFLARE_API_TOKEN length: ''${#CLOUDFLARE_API_TOKEN:-0}" >&2
- else
- echo "ERROR: Environment file not found: ${envFile}" >&2
- exit 1
 fi
 # Map env variables from the env file into auth_key/auth_email used by the upstream script
 if [ -n "''${CLOUDFLARE_DNS_API_TOKEN:-}" ]; then
- export auth_key="''${CLOUDFLARE_DNS_API_TOKEN}"
- echo "DEBUG: Using CLOUDFLARE_DNS_API_TOKEN (length: ''${#auth_key})" >&2
+ export auth_key="''${CLOUDFLARE_DNS_API_TOKEN:-}"
 elif [ -n "''${CLOUDFLARE_API_TOKEN:-}" ]; then
- export auth_key="''${CLOUDFLARE_API_TOKEN}"
- echo "DEBUG: Using CLOUDFLARE_API_TOKEN (length: ''${#auth_key})" >&2
- else
- echo "ERROR: No Cloudflare API token found in environment file" >&2
- echo "ERROR: Available variables: $(set | grep CLOUDFLARE || echo 'none')" >&2
- exit 1
+ export auth_key="''${CLOUDFLARE_API_TOKEN:-}"
 fi
-
 if [ -n "''${CLOUDFLARE_USERNAME:-}" ]; then
- export auth_email="''${CLOUDFLARE_USERNAME}"
- echo "DEBUG: Using CLOUDFLARE_USERNAME: '$auth_email'" >&2
- else
- echo "DEBUG: No CLOUDFLARE_USERNAME found, auth_email will be empty" >&2
+ export auth_email="''${CLOUDFLARE_USERNAME:-}"
 fi
- # Export auth_method for the single-run script
- export auth_method="token"
-
 # Ensure zone id is exported for the single-run script
 export zone_identifier="${zoneId}"
- # Debug: log that we're starting with credentials
- echo "Starting DDNS update with auth_key length: ''${#auth_key}, auth_email: '$auth_email'" >&2
-
 # Loop records from the Nix list. "@" maps to the base domain
 for r in ${recordsStr}; do
 if [ "$r" = "@" ]; then
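Review bot: With both `else … exit 1` branches gone, a missing env file or an env file without a token leaves `auth_key` unset and the record loop still runs; since the call in the next hunk ends in `|| true`, the wrapper would presumably still exit 0. A single guard after the mapping, `[ -n "''${auth_key:-}" ] || { echo "ERROR: no Cloudflare API token available" >&2; exit 1; }`, restores the failure without printing any variable contents. `source "${envFile}"` runs the file as shell code, so the file should be writable only by root; the hunk does not show how it is provisioned. The `for` loop opened at the end of the hunk continues outside it.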
@@ -814,7 +783,7 @@ in {
 export record_name="$r.${domain}"
 fi
 # Invoke the single-run script explicitly with the system's bash via env to avoid /bin/bash shebang issues
- ${pkgs.bash}/bin/bash /etc/cloudflare-ddns/update-single.sh "$record_name" "$zone_identifier" || true
+ ${pkgs.bash}/bin/bash /etc/cloudflare-ddns/update-single.sh "$record_name" "$zone_identifier" "$auth_email" "$auth_key" || true
 done
 '';