feat: implemented token auth

config.go

@@ -14,6 +14,9 @@ type Config struct {
 	TraefikUsername string
 	TraefikPassword string
 
+	GitAuthUsername string
+	GitAuthToken    string
+
 	Zones      []string
 	PublicIP   string
 	PublicIPv6 string // empty = no AAAA records
@@ -28,9 +31,9 @@ type Config struct {
 	ReconcileInterval time.Duration
 	DebounceDelay     time.Duration
 
-	RecordTTL      int
+	RecordTTL         int
 	CloudflareAutoTTL bool
-	ExcludeRouters map[string]struct{}
+	ExcludeRouters    map[string]struct{}
 }
 
 // LoadConfig reads configuration from environment variables and validates required fields.
@@ -41,6 +44,11 @@ func LoadConfig() (*Config, error) {
 	cfg.TraefikUsername = os.Getenv("TRAEFIK_USERNAME")
 	cfg.TraefikPassword = os.Getenv("TRAEFIK_PASSWORD")
 
+	// Optional HTTPS git authentication credentials.
+	// If GIT_AUTH_TOKEN is set, git commands will run non-interactively via GIT_ASKPASS.
+	cfg.GitAuthUsername = envOrDefault("GIT_AUTH_USERNAME", "x-access-token")
+	cfg.GitAuthToken = os.Getenv("GIT_AUTH_TOKEN")
+
 	zonesStr := os.Getenv("DNS_ZONES")
 	if zonesStr == "" {
 		return nil, fmt.Errorf("DNS_ZONES is required (comma-separated list of zones, e.g. example.com,example.net)")