netbird/plugins
0
0
Fork 0
mirror of https://github.com/netbirdio/plugins.git synced 2026-05-22 18:44:07 -07:00
Code Issues Packages Projects Releases Wiki Activity

www/caddy: Remove DNS Provider subsystem except cloudflare in favor of global custom config file (#4691)

Browse Source 
* www/caddy: Remove DNS Provider subsystem except cloudflare. Since caddy-v2.10.0, a global DNS Provider can be set. This enables users to drop in a custom configuration file with their DNS Provider configuration into global settings, if they plan to supply their own custom build anyway. This change fixes the maintainability issues completely.

* www/caddy: Remove includeDnsProvider template

* www/caddy: Some minor cleanups in the form to reflect the Auto HTTPS and DNS Provider changes better
This commit is contained in:
Monviech
2025-05-13 19:37:30 +02:00
committed by GitHub
parent b0ab9598b2
commit 05584f96df
5 changed files with 21 additions and 487 deletions
Download Patch File Download Diff File Expand all files Collapse all files
www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/dialogReverseProxy.xml
+1 -1
View File
@@ -46,7 +46,7 @@
<label>Certificate</label>
<type>dropdown</type>
<style>selectpicker style_tls_reverse</style>
<help><![CDATA[Choose ACME to get automatic certificates with the built in ACME client; no additional plugin required. The "HTTP-01", "TLS-ALPN-01" or "DNS-01" challenge will be used to get automatic "Let's Encrypt" or "ZeroSSL" certificates. Alternatively, choose a custom certificate from "System - Trust - Certificates" for this domain. Make sure the full chain has been imported.]]></help>
<help><![CDATA[Choose "Auto HTTPS" to get automatic "Let's Encrypt" or "ZeroSSL" certificates; no additional plugin required. Alternatively, choose a custom certificate from "System - Trust - Certificates" for this domain, e.g., certificates managed by the optional os-acme-client plugin.]]></help>
<grid_view>
<visible>false</visible>
</grid_view>
www/caddy/src/opnsense/mvc/app/controllers/OPNsense/Caddy/forms/general.xml
+14 -46
View File
@@ -56,7 +56,7 @@
<id>caddy.general.accesslist</id>
<label>Trusted Proxies</label>
<type>dropdown</type>
<help><![CDATA[Select an Access List to set IP ranges of Trusted Proxies. If Caddy is not the first server being connected to by clients (for example, when a "CDN" is in front of Caddy), configure "Trusted Proxies" with a list of IP ranges (CIDRs) from which incoming requests are trusted to have sent good values for these headers. Additionally, set the same Access List to the domains the Trusted Proxies connect to.]]></help>
<help><![CDATA[Select an Access List to set IP ranges of Trusted Proxies. Access Lists can be added in "Reverse Proxy - Access". If Caddy is not the first server being connected to by clients (for example, when a "CDN" is in front of Caddy), configure "Trusted Proxies" with a list of IP ranges (CIDRs) from which incoming requests are trusted to have sent good values for these headers. Additionally, set the same Access List to the domains the Trusted Proxies connect to.]]></help>
</field>
<field>
<id>caddy.general.ClientIpHeaders</id>
@@ -108,47 +108,13 @@
<id>caddy.general.TlsDnsProvider</id>
<label>DNS Provider</label>
<type>dropdown</type>
<help><![CDATA[Select the DNS Provider for the DNS-01 Challenge and Dynamic DNS. Providers marked as "optional" must be installed manually, see https://caddyserver.com/docs/command-line#caddy-add-package. Important: When the version of the caddy binary changes, "optional" provider must be reinstalled. For more information, visit https://github.com/caddy-dns where each module is community maintained.]]></help>
</field>
<field>
<type>header</type>
<label>API Fields</label>
<help><![CDATA[Select the DNS Provider. If you cannot find your provider here, consider using os-acme-client for the DNS-01 Challenge and os-ddclient for Dynamic DNS as alternatives.]]></help>
</field>
<field>
<id>caddy.general.TlsDnsApiKey</id>
<label>API Field 1</label>
<label>API Key</label>
<type>text</type>
<help><![CDATA[This is the standard field for the API Key. Field can be left empty if optional for the chosen provider. Cloudflare "api_token", Duckdns "api_token", DigitalOcean "auth_token", Godaddy "api_token", Gandi "bearer_token", IONOS "api_token", deSEC "token", Route53 "access_key_id", Porkbun "api_key", ACME-DNS "username", Netlify "personal_access_token", Njalla "api_token", Google Cloud DNS "gcp_project", Azure "tenant_id", OVH "endpoint", Namecheap "api_key", PowerDNS "server_url", DDNSS "api_token", Linode "api_token", Tencent Cloud "secret_id", Dinahosting "username", Hexonet "username", Mail-in-a-Box "api_url", DNS Made Easy "api_key", Bunny "access_key", Civo "api_token", Scaleway "secret_key", ACME Proxy "username", INWX "username", Netcup "customer_number", RFC2136 "key_name", Name.com "token", EasyDNS "api_token", Infomaniak "api_token", DirectAdmin "host", Hosttech "api_token", Vultr "api_token", Hetzner "api_token", ClouDNS "auth_id", Gcore "api_token", Huawei Cloud "access_key_id", DNSExit "api_token", Nanelo "api_token", Katapult "api_token", Regfish "api_key", Leaseweb "api_token", DreamHost "api_key", Exoscale "api_key", TransIP "account_name", Selectel "user", LuaDNS "email", Hurricane Electric "api_key", Namesilo "api_token", Dode "api_token", Dynu "api_token", Glesys "project", NFSN "login", GoDaddy "api_token", Vercel "api_token", Loopia "username", DNSPod "api_token", Mythic Beasts "key_id", Dynv6 "api_token", AliDNS "access_key_id", Metaname "api_key"]]></help>
</field>
<field>
<id>caddy.general.TlsDnsSecretApiKey</id>
<label>API Field 2</label>
<type>text</type>
<help><![CDATA[Leave empty if your DNS Provider isn't specified here. Field can be left empty if optional for the chosen provider. Duckdns "override_domain", Route53 "secret_access_key", Porkbun "api_secret_key", ACME-DNS "password", Azure "client_id", OVH "application_key", Namecheap "user", PowerDNS "api_token", DDNSS "username", Linode "api_url", Tencent Cloud "secret_key", Dinahosting "password", Hexonet "password", Mail-in-a-Box "email_address", DNS Made Easy "secret_key", Scaleway "organization_id", ACME Proxy "password", INWX "password", Netcup "api_key", RFC2136 "key_alg", Name.com "server", EasyDNS "api_key", DirectAdmin "user", ClouDNS "auth_password", Huawei Cloud "secret_access_key", Exoscale "api_secret", TransIP "private_key_path", Selectel "password", LuaDNS "api_key", Dynu "own_domain", Glesys "api_key", NFSN "api_key", Loopia "password", Mythic Beasts "secret", AliDNS "access_key_secret", Metaname "account_reference"]]></help>
</field>
<field>
<id>caddy.general.TlsDnsOptionalField1</id>
<label>API Field 3</label>
<type>text</type>
<help><![CDATA[Leave empty if your DNS Provider isn't specified here. Field can be left empty if optional for the chosen provider. Route53 "hosted_zone_id", ACME-DNS "subdomain", Azure "client_secret", OVH "application_secret", Namecheap "api_endpoint", DDNSS "password", Linode "api_version", Mail-in-a-Box "password", DNS Made Easy "api_endpoint", ACME Proxy "endpoint", INWX "shared_secret", Netcup "api_password", Name.com "user", EasyDNS "api_url", DirectAdmin "login_key", RFC2136 "key", ClouDNS "sub_auth_id", Selectel "account_id"]]></help>
</field>
<field>
<id>caddy.general.TlsDnsOptionalField2</id>
<label>API Field 4</label>
<type>text</type>
<help><![CDATA[Leave empty if your DNS Provider isn't specified here. Field can be left empty if optional for the chosen provider. Route53 "profile", ACME-DNS "server_url", Azure "subscription_id", OVH "consumer_key", Namecheap "client_ip", DDNS "password", INWX "endpoint_url", DirectAdmin "insecure_requests", RFC2136 "server", Selectel "project_name"]]></help>
</field>
<field>
<id>caddy.general.TlsDnsOptionalField3</id>
<label>API Field 5</label>
<type>text</type>
<help><![CDATA[Leave empty if your DNS Provider isn't specified here. Field can be left empty if optional for the chosen provider. Route53 "region", Azure "resource_group_name"]]></help>
</field>
<field>
<id>caddy.general.TlsDnsOptionalField4</id>
<label>API Field 6</label>
<type>text</type>
<help><![CDATA[Leave empty if your DNS Provider isn't specified here. Field can be left empty if optional for the chosen provider. Route53 "session_token"]]></help>
<help><![CDATA[This is the standard field for the API Key.]]></help>
</field>
<field>
<type>header</type>
@@ -190,42 +156,44 @@
<type>text</type>
<help><![CDATA[Enables Encrypted ClientHello (ECH) by using the specified public domain name as the plaintext server name (SNI) in TLS handshakes. More information: https://caddyserver.com/docs/caddyfile/options#ech]]></help>
</field>
</tab>
<tab id="general-dynamicdns" description="Dynamic DNS">
<field>
<type>header</type>
<label>Dynamic DNS</label>
</field>
<field>
<id>caddy.general.DynDnsIpVersions</id>
<label>DynDns IP Version</label>
<label>IP Version</label>
<type>dropdown</type>
<help><![CDATA[Select the DynDns IP Version: "IPv4+IPv6" to set IPv4 A-Records and IPv6 AAAA-Records, "IPv4 only" for only A-Records, "IPv6 only" for only AAAA-Records.]]></help>
</field>
<field>
<id>caddy.general.DynDnsUpdateOnly</id>
<label>DynDns Update Only</label>
<label>Update Only</label>
<type>checkbox</type>
<help><![CDATA[If enabled, no new DNS records will be created. Only existing records will be updated. This means that the A or AAAA records need to be created manually ahead of time.]]></help>
</field>
<field>
<id>caddy.general.DynDnsInterval</id>
<label>DynDns Check Interval</label>
<label>Check Interval</label>
<type>text</type>
<hint>1800</hint>
<help><![CDATA[Set the interval in seconds to poll for changes in the IP address. Leave empty to use system defaults.]]></help>
</field>
<field>
<id>caddy.general.DynDnsTtl</id>
<label>DynDns TTL</label>
<label>Time to Live</label>
<type>text</type>
<help><![CDATA[Set the TTL (Time to Live) for DNS records in seconds. Leave empty to use the default of an already existing TTL (when updating only) or the default of the provider API (when creating new records). If explicitely set, values should be as defined in rfc2181 section 8.]]></help>
</field>
<field>
<id>caddy.general.DynDnsSimpleHttp</id>
<label>DynDns Check Http</label>
<label>Check Http</label>
<type>text</type>
<help><![CDATA[Enter a URL to test the current IP address of the firewall via the HTTP protocol. This is generally not needed as Caddy uses default providers to test the current IP addresses. If a custom provider is preferred, enter the "https://" link to an IP address testing website.]]></help>
</field>
<field>
<id>caddy.general.DynDnsInterface</id>
<label>DynDns Check Interface</label>
<label>Check Interface</label>
<type>dropdown</type>
<help><![CDATA[Select an interface to extract the current IP addresses of the firewall. This is generally not needed as Caddy uses default providers to test the current IP addresses. Depending on the specified DynDns IP Version, at most one IPv6 Global Unicast Address and one IPv4 non-RFC1918 Address will be extracted.]]></help>
</field>
www/caddy/src/opnsense/mvc/app/models/OPNsense/Caddy/Caddy.xml
+3 -72
View File
@@ -1,7 +1,7 @@
<model>
<mount>//Pischem/caddy</mount>
<description>Caddy Reverse Proxy</description>
<version>1.3.6</version>
<version>1.3.7</version>
<items>
<general>
<enabled type="BooleanField">
@@ -24,79 +24,10 @@
<TlsDnsProvider type="OptionField">
<BlankDesc>None (default)</BlankDesc>
<OptionValues>
<cloudflare>Cloudflare (embedded)</cloudflare>
<duckdns>Duck DNS (optional)</duckdns>
<gandi>Gandi (optional)</gandi>
<ionos>IONOS (optional)</ionos>
<desec>Desec (optional)</desec>
<porkbun>Porkbun (optional)</porkbun>
<acmedns>ACME-DNS (optional)</acmedns>
<azure>Azure (optional)</azure>
<ovh>OVH (optional)</ovh>
<namecheap>Namecheap (optional)</namecheap>
<powerdns>PowerDNS (optional)</powerdns>
<linode>Linode (optional)</linode>
<hexonet>Hexonet (optional)</hexonet>
<mailinabox>Mail-in-a-Box (optional)</mailinabox>
<rfc2136>RFC2136 (optional)</rfc2136>
<dnsmadeeasy>DNS Made Easy (optional)</dnsmadeeasy>
<bunny>Bunny (optional)</bunny>
<scaleway>Scaleway (optional)</scaleway>
<acmeproxy>ACME Proxy (optional)</acmeproxy>
<inwx>INWX (optional)</inwx>
<netcup>Netcup (optional)</netcup>
<namedotcom>Name.com (optional)</namedotcom>
<infomaniak>Infomaniak (optional)</infomaniak>
<directadmin>DirectAdmin (optional)</directadmin>
<vultr>Vultr (optional)</vultr>
<hetzner>Hetzner (optional)</hetzner>
<digitalocean>DigitalOcean (optional)</digitalocean>
<route53>Route53 (optional)</route53>
<googleclouddns>Google Cloud DNS (optional)</googleclouddns>
<netlify>Netlify (optional)</netlify>
<ddnss>DDNSS (optional)</ddnss>
<njalla>Njalla (optional)</njalla>
<tencentcloud>Tencent Cloud (optional)</tencentcloud>
<dinahosting>Dinahosting (optional)</dinahosting>
<civo>Civo (optional)</civo>
<easydns>EasyDNS (optional)</easydns>
<hosttech>Hosttech (optional)</hosttech>
<cloudns>ClouDNS (optional)</cloudns>
<gcore>Gcore (optional)</gcore>
<huaweicloud>Huawei Cloud (optional)</huaweicloud>
<dnsexit>DNSExit (optional)</dnsexit>
<nanelo>Nanelo (optional)</nanelo>
<katapult>Katapult (optional)</katapult>
<regfish>Regfish (optional)</regfish>
<leaseweb>Leaseweb (optional)</leaseweb>
<dreamhost>DreamHost (optional)</dreamhost>
<exoscale>Exoscale (optional)</exoscale>
<transip>TransIP (optional)</transip>
<selectel>Selectel (optional)</selectel>
<dnsimple>DNSimple (optional)</dnsimple>
<luadns>LuaDNS (optional)</luadns>
<he>Hurricane Electric (optional)</he>
<namesilo>Namesilo (optional)</namesilo>
<dode>Dode (optional)</dode>
<dynu>Dynu (optional)</dynu>
<glesys>Glesys (optional)</glesys>
<nfsn>NFSN (optional)</nfsn>
<godaddy>GoDaddy (optional)</godaddy>
<vercel>Vercel (optional)</vercel>
<loopia>Loopia (optional)</loopia>
<dnspod>DNSPod (optional)</dnspod>
<mythicbeasts>Mythic Beasts (optional)</mythicbeasts>
<dynv6>Dynv6 (optional)</dynv6>
<alidns>AliDNS (optional)</alidns>
<metaname>Metaname (optional)</metaname>
<cloudflare>Cloudflare</cloudflare>
</OptionValues>
</TlsDnsProvider>
<TlsDnsApiKey type="TextField"/>
<TlsDnsSecretApiKey type="TextField"/>
<TlsDnsOptionalField1 type="TextField"/>
<TlsDnsOptionalField2 type="TextField"/>
<TlsDnsOptionalField3 type="TextField"/>
<TlsDnsOptionalField4 type="TextField"/>
<TlsDnsPropagationTimeout type="BooleanField"/>
<TlsDnsPropagationTimeoutPeriod type="IntegerField">
<MinimumValue>1</MinimumValue>
@@ -266,7 +197,7 @@
<description type="DescriptionField"/>
<DnsChallenge type="BooleanField"/>
<CustomCertificate type="CertificateField">
<BlankDesc>ACME</BlankDesc>
<BlankDesc>Auto HTTPS</BlankDesc>
</CustomCertificate>
<AccessLog type="BooleanField"/>
<DynDns type="BooleanField"/>
www/caddy/src/opnsense/service/templates/OPNsense/Caddy/Caddyfile
+3 -54
View File
@@ -122,29 +122,9 @@
# Purpose: Sets up global configuration for Dynamic DNS. Caddy needs to be compiled with
# https://github.com/mholt/caddy-dynamicdns and https://github.com/caddy-dns. Otherwise the
# generated Caddyfile won't run. Each DNS Provider that is added below has to be compiled in.
# Some Providers don't support setting A and AAAA-Records, like acmedns.
# Most need specific configurations. Since only one provider can be used at the same time,
# they all share the same fields for configuration.
# Parameters:
# - @param dnsProvider (string): Specifies the DNS provider for DDNS updates.
# - @param dnsApiKey (string): The API key for authenticating with the DNS provider.
# - @param dnsSecretApiKey (string): A secret API key or token for additional authentication security.
# - @param dnsOptionalField1 to 4 (string): Optional configuration field for the DNS provider.
# - @param dynDnsSimpleHttp (string): URL for a simple HTTP-based service to discover the server's public IP.
# - @param dynDnsInterface (string): Network interface(s) to use for IP discovery.
# - @param dynDnsCheckInterval (integer): Interval in seconds to check for IP changes. Can be empty for defaults.
# - @param dynDnsIpVersions (string): The IP version(s) (IPv4, IPv6) for the DDNS update.
# - @param dynDnsTtl (integer): Time-To-Live for the DNS records, in seconds. Can be empty for defaults.
# - @param dynDnsDomains (list): Domains and subdomains list for which DDNS updates are enabled.
# - @param dynDnsUpdateOnly (boolean): If set, only updates DNS records, not creating new ones.
#}
{% set dnsProvider = helpers.toList('Pischem.caddy.general.TlsDnsProvider') | first %}
{% set dnsApiKey = generalSettings.TlsDnsApiKey %}
{% set dnsSecretApiKey = generalSettings.TlsDnsSecretApiKey %}
{% set dnsOptionalField1 = generalSettings.TlsDnsOptionalField1 %}
{% set dnsOptionalField2 = generalSettings.TlsDnsOptionalField2 %}
{% set dnsOptionalField3 = generalSettings.TlsDnsOptionalField3 %}
{% set dnsOptionalField4 = generalSettings.TlsDnsOptionalField4 %}
{% set dynDnsSimpleHttp = generalSettings.DynDnsSimpleHttp %}
{% set dynDnsInterface = generalSettings.DynDnsInterface %}
{% set dynDnsUpdateOnly = generalSettings.DynDnsUpdateOnly %}
@@ -174,22 +154,9 @@
{% endfor %}
{% endfor %}
{% import "OPNsense/Caddy/includeDnsProvider" as dns_includes %}
{% set dnsProviderSpecialConfig = dns_includes.dnsProviderSpecialConfig() %}
{# Conditionally add the dynamic_dns section, acmedns provider is special, it does not support dynamic_dns. #}
{% if dnsProvider and dynDnsDomains|length > 0 and dnsProvider != "acmedns" %}
{% if dnsProvider and dynDnsDomains|length > 0 %}
dynamic_dns {
{# duckdns provider is special, it has a different configuration for dynamic dns than for the dns-01 challenge. #}
{% if dnsProvider in dnsProviderSpecialConfig and dnsProvider != "duckdns" %}
provider {{ dnsProvider }} {
{% set context_var = 'dnsProviderSpecialLogic' %}
{% include "OPNsense/Caddy/includeDnsProvider" %}
}
{% else %}
{# Other DNS Providers fall under this default #}
provider {{ dnsProvider }} {{ dnsApiKey }}
{% endif %}
domains {
{% for domain in dynDnsDomains %}
{{ domain }}
@@ -225,11 +192,7 @@
# https://caddyserver.com/docs/caddyfile/options#ech
#}
{% if generalSettings.TlsDnsEchDomain|default("") and dnsProvider %}
dns {{ dnsProvider }} {% if dnsProvider not in dnsProviderSpecialConfig %}{{ dnsApiKey }}{% else %}{
{% set context_var = 'dnsProviderSpecialLogic' %}
{% include "OPNsense/Caddy/includeDnsProvider" %}
}
{% endif +%}
dns {{ dnsProvider }} {{ dnsApiKey }}
ech {{ generalSettings.TlsDnsEchDomain }}
{% endif %}
@@ -323,11 +286,6 @@ http://{{ domain }} {
clientAuthMode="",
dnsProvider="",
dnsApiKey="",
dnsSecretApiKey="",
tlsDnsOptionalField1="",
tlsDnsOptionalField2="",
tlsDnsOptionalField3="",
tlsDnsOptionalField4="",
tlsDnsPropagationTimeout="",
tlsDnsPropagationTimeoutPeriod="",
tlsDnsPropagationDelay="",
@@ -337,11 +295,7 @@ http://{{ domain }} {
tls {% if customCert %}/var/db/caddy/data/caddy/certificates/temp/{{ customCert }}.pem /var/db/caddy/data/caddy/certificates/temp/{{ customCert }}.key{% endif %} {
{% if not customCert and (dnsChallenge == "1" and dnsProvider) %}
issuer acme {
dns {{ dnsProvider }} {% if dnsProvider not in dnsProviderSpecialConfig %}{{ dnsApiKey }}{% else %}{
{% set context_var = 'dnsProviderSpecialLogic' %}
{% include "OPNsense/Caddy/includeDnsProvider" %}
}
{% endif %}
dns {{ dnsProvider }} {{ dnsApiKey }}
{% if tlsDnsPropagationResolvers %}
resolvers {{ tlsDnsPropagationResolvers }}
@@ -622,11 +576,6 @@ http://{{ domain }} {
clientAuthMode=reverse.ClientAuthMode|default(""),
dnsProvider=generalSettings.TlsDnsProvider,
dnsApiKey=generalSettings.TlsDnsApiKey,
dnsSecretApiKey=generalSettings.TlsDnsSecretApiKey,
tlsDnsOptionalField1=generalSettings.TlsDnsOptionalField1,
tlsDnsOptionalField2=generalSettings.TlsDnsOptionalField2,
tlsDnsOptionalField3=generalSettings.TlsDnsOptionalField3,
tlsDnsOptionalField4=generalSettings.TlsDnsOptionalField4,
tlsDnsPropagationTimeout=generalSettings.TlsDnsPropagationTimeout,
tlsDnsPropagationTimeoutPeriod=generalSettings.TlsDnsPropagationTimeoutPeriod,
tlsDnsPropagationDelay=generalSettings.TlsDnsPropagationDelay,
www/caddy/src/opnsense/service/templates/OPNsense/Caddy/includeDnsProvider
-314
View File
@@ -1,314 +0,0 @@
{#
# This file gets imported in two sections of the Caddyfile template
# - Section: Dynamic DNS Global Configuration
# - Macro: tls_configuration
#
# It only includes DNS Providers that need specific settings and do not default to
# "dns {{ dnsProvider }} {{ dnsApiKey }}"
#}
{% macro dnsProviderSpecialConfig() %}
[
'duckdns',
'porkbun',
'desec',
'route53',
'acmedns',
'googleclouddns',
'azure',
'ovh',
'namecheap',
'powerdns',
'ddnss',
'linode',
'tencentcloud',
'dinahosting',
'hexonet',
'mailinabox',
'netcup',
'rfc2136',
'dnsmadeeasy',
'civo',
'scaleway',
'acmeproxy',
'inwx',
'namedotcom',
'easydns',
'directadmin',
'cloudns',
'huaweicloud',
'regfish',
'dreamhost',
'exoscale',
'transip',
'selectel',
'luadns',
'he',
'dynu',
'glesys',
'nfsn',
'loopia',
'mythicbeasts',
'alidns',
'metaname'
]
{% endmacro %}
{% if context_var == 'dnsProviderSpecialLogic' %}
{% if dnsProvider == 'duckdns' %}
{% if dnsApiKey %}api_token {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}override_domain {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'porkbun' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_secret_key {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'desec' %}
{% if dnsApiKey %}token {{ dnsApiKey }}
{% endif %}
{% elif dnsProvider == 'route53' %}
{% if dnsApiKey %}access_key_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}secret_access_key {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}hosted_zone_id {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}profile {{ dnsOptionalField2 }}
{% endif %}
{% if dnsOptionalField3 %}region {{ dnsOptionalField3 }}
{% endif %}
{% if dnsOptionalField4 %}session_token {{ dnsOptionalField4 }}
{% endif %}
{% elif dnsProvider == 'acmedns' %}
{% if dnsApiKey %}username {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}subdomain {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}server_url {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'googleclouddns' %}
{% if dnsApiKey %}gcp_project {{ dnsApiKey }}
{% endif %}
{% elif dnsProvider == 'azure' %}
{% if dnsApiKey %}tenant_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}client_id {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}client_secret {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}subscription_id {{ dnsOptionalField2 }}
{% endif %}
{% if dnsOptionalField3 %}resource_group_name {{ dnsOptionalField3 }}
{% endif %}
{% elif dnsProvider == 'ovh' %}
{% if dnsApiKey %}endpoint {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}application_key {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}application_secret {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}consumer_key {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'namecheap' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}user {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}api_endpoint {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}client_ip {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'powerdns' %}
{% if dnsApiKey %}server_url {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_token {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'ddnss' %}
{% if dnsApiKey %}api_token {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}username {{ dnsSecretApiKey }}
{% endif %}
password {{ dnsOptionalField1 }}
{% elif dnsProvider == 'linode' %}
{% if dnsApiKey %}api_token {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_url {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}api_version {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'tencentcloud' %}
{% if dnsApiKey %}secret_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}secret_key {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'dinahosting' %}
{% if dnsApiKey %}username {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'hexonet' %}
{% if dnsApiKey %}username {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'mailinabox' %}
{% if dnsApiKey %}api_url {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}email_address {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}password {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'netcup' %}
{% if dnsApiKey %}customer_number {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_key {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}api_password {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'rfc2136' %}
{% if dnsApiKey %}key_name {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}key_alg {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}key {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}server {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'dnsmadeeasy' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}secret_key {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}api_endpoint {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'civo' %}
{% if dnsApiKey %}api_token {{ dnsApiKey }}
{% endif %}
{% elif dnsProvider == 'scaleway' %}
{% if dnsApiKey %}secret_key {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}organization_id {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'acmeproxy' %}
{% if dnsApiKey %}username {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}endpoint {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'inwx' %}
{% if dnsApiKey %}username {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}shared_secret {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}endpoint_url {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'namedotcom' %}
{% if dnsApiKey %}token {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}server {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}user {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'easydns' %}
{% if dnsApiKey %}api_token {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_key {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}api_url {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'directadmin' %}
{% if dnsApiKey %}host {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}user {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}login_key {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}insecure_requests {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'cloudns' %}
{% if dnsApiKey %}auth_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}auth_password {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}sub_auth_id {{ dnsOptionalField1 }}
{% endif %}
{% elif dnsProvider == 'huaweicloud' %}
{% if dnsApiKey %}access_key_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}secret_access_key {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'regfish' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% elif dnsProvider == 'dreamhost' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% elif dnsProvider == 'exoscale' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_secret {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'transip' %}
{% if dnsApiKey %}account_name {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}private_key_path {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'selectel' %}
{% if dnsApiKey %}user {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% if dnsOptionalField1 %}account_id {{ dnsOptionalField1 }}
{% endif %}
{% if dnsOptionalField2 %}project_name {{ dnsOptionalField2 }}
{% endif %}
{% elif dnsProvider == 'luadns' %}
{% if dnsApiKey %}email {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_key {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'he' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% elif dnsProvider == 'dynu' %}
{% if dnsApiKey %}api_token {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}own_domain {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'glesys' %}
{% if dnsApiKey %}project {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_key {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'nfsn' %}
{% if dnsApiKey %}login {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}api_key {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'loopia' %}
{% if dnsApiKey %}username {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}password {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'mythicbeasts' %}
{% if dnsApiKey %}key_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}secret {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'alidns' %}
{% if dnsApiKey %}access_key_id {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}access_key_secret {{ dnsSecretApiKey }}
{% endif %}
{% elif dnsProvider == 'metaname' %}
{% if dnsApiKey %}api_key {{ dnsApiKey }}
{% endif %}
{% if dnsSecretApiKey %}account_reference {{ dnsSecretApiKey }}
{% endif %}
{% endif %}
{% endif %}