Updating domain records with nixops on Digital Ocean

I’m fairly new to NixOps and I’m trying to deploy to Digital Ocean with NixOps, which for the most part seems pretty straightforward, but is there a way to immediately update domain records? Since I plan to use Let’s Encrypt this would be extremely helpful.

Generally it seems easy since there is an API that uses the same key that is used to deploy the droplet, see /reference/api/api-try-it-now/
but I’m not sure how I would incorporate this best?

What version of nixops are you using?

NixOps is currently in the process of being rewritten and getting a plugin concept.

The old DO backend for NixOps can do nothing but create machines; it wasn’t even able to attach additional drives or create “spaces” etc.

I’m not sure what the new plugin for DO will be able to do or is already able to.

Perhaps first start clarifying what exactly you use.

The security.acme module utilizes lego, which is able to provision SSL certificates via DNS challenge the way you want. Something along these lines:

security.acme.certs."example.org" = {
  dnsProvider = "digitalocean";
  credentialsFile = "/path/to/secret";
};

From here you need to create this secrets file according to Digital Ocean :: Let’s Encrypt client and ACME library written in Go.

I have to look into that, that might solve all of this. Thanks!

This definitely helps, but I would still need to set the A records myself to actually visit the website, right?

@ZerataX, from what I got you need both DNS record provisioning and certificate generation, is this right?

I think in this case you will need to implement a NixOps plugin which provides a DigitalOcean DNS resource. The Nix syntax will probably resemble this (with the DO DNS specifics of course) and the Python plugin implementation would need to talk to the DO DNS API for provisioning the zones/records. Then you would define the records you need provisioned in the NixOps deployment expression as such a resource.

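The record-provisioning step the last reply describes, as an added example that is not from the thread and is not NixOps plugin code: it diffs the records DigitalOcean currently serves against the wanted ones and issues only the needed API v2 calls. The function names `plan_records`, `call` and `sync` are hypothetical, `example.org` and `203.0.113.10` are constructed placeholders, and the token is assumed to sit in `DO_AUTH_TOKEN`, the variable lego's digitalocean provider reads.

```python
import json
import os
import urllib.request

API = "https://api.digitalocean.com/v2"  # DigitalOcean API v2

def plan_records(existing, desired):
    """Diff the records DO currently serves against the wanted ones.
    Returns (method, path_suffix, body) tuples; unmanaged names (NS, MX, ...)
    are never touched."""
    current = {}
    for rec in existing:
        current.setdefault((rec["type"], rec["name"]), []).append(rec)
    ops = []
    for want in desired:
        found = current.get((want["type"], want["name"]), [])
        if not found:
            ops.append(("POST", "", want))
            continue
        keep, *extra = found
        if (keep["data"], keep.get("ttl")) != (want["data"], want["ttl"]):
            ops.append(("PUT", f"/{keep['id']}", want))
        # Design choice of this example: one record per managed name, so a
        # stale address from an earlier deployment does not stay published.
        ops += [("DELETE", f"/{rec['id']}", None) for rec in extra]
    return ops

def call(method, url, token, body=None, opener=urllib.request.urlopen):
    """One authenticated API request; `opener` is injectable for testing."""
    req = urllib.request.Request(
        url, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"})
    with opener(req) as resp:
        return json.loads(resp.read() or b"{}")

def sync(domain, desired, token, opener=urllib.request.urlopen):
    base = f"{API}/domains/{domain}/records"
    # Only the first page (200 records) is read; larger zones need paging.
    listing = call("GET", f"{base}?per_page=200", token, opener=opener)
    ops = plan_records(listing["domain_records"], desired)
    for method, suffix, body in ops:
        call(method, base + suffix, token, body, opener)
    return ops

if __name__ == "__main__":
    # Constructed example: example.org and 203.0.113.10 are placeholders.
    wanted = [{"type": "A", "name": n, "data": "203.0.113.10", "ttl": 300}
              for n in ("@", "www")]
    print(sync("example.org", wanted, os.environ["DO_AUTH_TOKEN"]))
```

Because the A record is updated in place rather than added next to the old one, a redeployed droplet with a new address does not leave the previous address resolvable.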