More debugs.

2026-06-13 18:28:55 +02:00 · 2026-03-03 13:47:00 +01:00 · 2026-03-03 13:47:00 +01:00 · 0d02578ab3
commit 0d02578ab3
parent fd00d43f91
1 changed files with 42 additions and 6 deletions
--- a/nix-system-configs/modules/system/traefik.nix
+++ b/nix-system-configs/modules/system/traefik.nix
@ -650,6 +650,15 @@ in {
          exit 2
        fi

+        # Debug: log auth status
+        ${pkgs.util-linux}/bin/logger -s "DDNS Updater: auth_key length: ''${#auth_key}, auth_email: '$auth_email', auth_method: '$auth_method'"
+
+        # Fail fast if we don't have auth credentials
+        if [ -z "$auth_key" ]; then
+          ${pkgs.util-linux}/bin/logger -s "DDNS Updater: auth_key is empty — cannot authenticate with Cloudflare."
+          exit 2
+        fi
+
        ###########################################
        ## Check and set the proper auth header
        ###########################################
@ -669,6 +678,9 @@ in {
                              -H "''$auth_header ''$auth_key" \
                              -H "Content-Type: application/json")

+        # Debug: log first 200 chars of response
+        ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Record fetch response (first 200 chars): ''${record:0:200}"
+
        ###########################################
        ## Check if the domain has an A record
        ###########################################
@ -677,6 +689,12 @@ in {
          exit 1
        fi

+        # Check if the API returned an error
+        if [[ $record == *"\\"success\\":false"* ]]; then
+          ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Cloudflare API returned error: $record"
+          exit 1
+        fi
+
        ###########################################
        ## Get existing IP
        ###########################################
@ -692,6 +710,14 @@ in {
        ###########################################
        record_identifier=$(echo "$record" | sed -E 's/.*"id":"([A-Za-z0-9_]+)".*/\\1/')

+        # Fail fast if we couldn't extract the record ID
+        if [ -z "$record_identifier" ] || [[ $record_identifier == *"{"* ]]; then
+          ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Failed to extract record_identifier from response. Got: '$record_identifier'"
+          exit 1
+        fi
+
+        ${pkgs.util-linux}/bin/logger -s "DDNS Updater: Using record_identifier: '$record_identifier'"
+
        ###########################################
        ## Change the IP@Cloudflare using the API
        ###########################################
@ -714,18 +740,18 @@ in {
            ${pkgs.curl}/bin/curl -L -X POST "''${slackuri}" --data-raw "{\"channel\":\"''${slackchannel}\",\"text\":\"''${msg}\"}"
          fi
          if [[ $discorduri != "" ]]; then
-            msg="''${sitename} DDNS Update Failed: ''${record_name}: ''${record_identifier} (''${CURRENT_IP})."
-            ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"''${msg}\"}" "''${discorduri}"
+            msg="$${sitename} DDNS Update Failed: $${record_name}: $${record_identifier} ($${CURRENT_IP})."
+            ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"$${msg}\"}" "$${discorduri}"
          fi
          exit 1;;
        *)
-          msg="''${sitename} Updated: ''${record_name}'s new IP Address is ''${CURRENT_IP}"
-          ${pkgs.util-linux}/bin/logger "DDNS Updater: ''${CURRENT_IP} ''${record_name} DDNS updated."
+          msg="$${sitename} Updated: $${record_name}'s new IP Address is $${CURRENT_IP}"
+          ${pkgs.util-linux}/bin/logger "DDNS Updater: $${CURRENT_IP} $${record_name} DDNS updated."
          if [[ $slackuri != "" ]]; then
-            ${pkgs.curl}/bin/curl -L -X POST "''${slackuri}" --data-raw "{\"channel\":\"''${slackchannel}\",\"text\":\"''${msg}\"}"
+            ${pkgs.curl}/bin/curl -L -X POST "$${slackuri}" --data-raw "{\"channel\":\"$${slackchannel}\",\"text\":\"$${msg}\"}"
          fi
          if [[ $discorduri != "" ]]; then
-            ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"''${msg}\"}" "''${discorduri}"
+            ${pkgs.curl}/bin/curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data-raw "{\"content\":\"$${msg}\"}" "$${discorduri}"
          fi
          exit 0;;
        esac
@ -751,14 +777,24 @@ in {
          export auth_key="''${CLOUDFLARE_DNS_API_TOKEN:-}"
        elif [ -n "''${CLOUDFLARE_API_TOKEN:-}" ]; then
          export auth_key="''${CLOUDFLARE_API_TOKEN:-}"
+        else
+          echo "ERROR: No Cloudflare API token found in environment file" >&2
+          exit 1
        fi
+
        if [ -n "''${CLOUDFLARE_USERNAME:-}" ]; then
          export auth_email="''${CLOUDFLARE_USERNAME:-}"
        fi

+        # Export auth_method for the single-run script
+        export auth_method="token"
+
        # Ensure zone id is exported for the single-run script
        export zone_identifier="${zoneId}"

+        # Debug: log that we're starting with credentials
+        echo "Starting DDNS update with auth_key length: ''${#auth_key}, auth_email: '$auth_email'" >&2
+
        # Loop records from the Nix list. "@" maps to the base domain
        for r in ${recordsStr}; do
          if [ "$r" = "@" ]; then