nixos/services/cloudflare-ddns.md at 8fa1e4c1123a602498f4a052d008b5a3024409c5

rope/nixos

ediblerope 08669d7eb5 Update docs: add new services to readme, remove obsolete go2rtc-readme

- readme.md: add authelia, fail2ban, homepage, arr-interconnect, nginx
  description updated to mention ACME. Remove omnisearch, add cachyos
  kernel to flake inputs table.
- cloudflare-ddns.md: document shared token usage with ACME, note
  Zone:Zone:Read permission requirement.
- Delete go2rtc-readme.md (documented Docker setup, now native NixOS).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-04-07 20:42:19 +01:00

769 B

Raw Blame History

Store your API key securely

Create a file outside your /etc/nixos directory to store your Cloudflare API token:

sudo mkdir -p /var/secrets
sudo nano /var/secrets/cloudflare-token
sudo chmod 600 /var/secrets/cloudflare-token
sudo chown root:root /var/secrets/cloudflare-token

This token is shared by both cloudflare-ddns.nix (DDNS updates) and nginx.nix (ACME wildcard cert via DNS-01 challenge).

Get your Cloudflare API Token

Go to Cloudflare Dashboard → My Profile → API Tokens and create a token with:

Zone : Zone : Read
Zone : DNS : Edit

Both permissions are required — Zone:Read for ACME to locate the zone, DNS:Edit for DDNS updates and ACME challenge TXT records.

Copy the token to /var/secrets/cloudflare-token.

769 B Raw Blame History

Store your API key securely

Get your Cloudflare API Token

769 B

Raw Blame History