From 4e29f51b1330bdbcc11cacf329ca45de0edaedb1 Mon Sep 17 00:00:00 2001
From: Zsolt Ero
Date: Sat, 24 Feb 2024 20:05:30 +0100
Subject: [PATCH] setup_le_dns_manager
---
 config/cloudflare.ini.sample | 3 +++
 ssh_lib/tasks.py | 12 ++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
 create mode 100644 config/cloudflare.ini.sample
diff --git a/config/cloudflare.ini.sample b/config/cloudflare.ini.sample
new file mode 100644
index 0000000..9c4a6e1
--- /dev/null
+++ b/config/cloudflare.ini.sample
@@ -0,0 +1,3 @@
+# --- Let's Encrypt DNS challange, not needed for self-hosting
+
+dns_cloudflare_api_token = xxx
diff --git a/ssh_lib/tasks.py b/ssh_lib/tasks.py
index 380a81f..68a9e18 100644
--- a/ssh_lib/tasks.py
+++ b/ssh_lib/tasks.py
@@ -181,15 +181,23 @@ def install_benchmark(c):
 def setup_le_dns_manager(c):
 le_email = dotenv_val('LE_EMAIL').lower()
 domain_le_dns = dotenv_val('DOMAIN_LE_DNS').lower()
-
 assert le_email
 assert domain_le_dns

+ c.sudo('mkdir -p /root/.secrets')
+
+ put(
+ c,
+ CONFIG_DIR / 'cloudflare.ini',
+ '/root/.secrets/ofm_le_dns_cloudflare.ini',
+ permissions=400,
+ )
+
 sudo_cmd(
 c,
 'certbot certonly '
 '--dns-cloudflare '
- '--dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini '
+ '--dns-cloudflare-credentials /root/.secrets/ofm_le_dns_cloudflare.ini '
 '--staging '
 f'--noninteractive -m {le_email} '
 f'--agree-tos '
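Review bot: The sample gives no guidance on what kind of credential belongs in `dns_cloudflare_api_token`, and the real `config/cloudflare.ini` copied from it will hold a live secret. I would add a comment such as `# use an API token limited to Zone > DNS > Edit on the one zone, never the global API key`, so that a leaked file cannot be used against the rest of the account. Whether `config/cloudflare.ini` is excluded from version control is not visible in this patch and is worth confirming. The header comment also misspells "challenge".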
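Review bot: `c.sudo('mkdir -p /root/.secrets')` creates the directory with the default umask, so it will normally end up 0755 and the token is protected only by the file's own mode and whatever /root is set to; `c.sudo('mkdir -p -m 700 /root/.secrets')` makes the directory itself private when it is first created. In the `put(...)` call, `permissions=400` is a decimal integer: if the helper, which is defined outside this hunk, passes it to a chmod-style API as a number instead of formatting it into a `chmod 400` string, the resulting mode is 0o620 rather than 0400, so confirm what it expects and pass `'400'` or `0o400` accordingly. It is also worth checking that `put` does not stage the file in a world-readable temporary path before moving it into place, and that the final owner is root. The body of setup_le_dns_manager continues past the end of the hunk.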