nixos-config/hosts/france/backplane.nix

{ pkgs, lib, config, ... }:
# Host module for "france": a PostgreSQL-backed backplane DNS service, its
# two system accounts, the database roles those accounts use, and the
# password files that tie them together.
with lib;
let
  # Secret material lives under one directory. Every consumer below refers
  # to these bindings, so a path cannot drift between the generator, the
  # PostgreSQL role and the service that reads it.
  powerdnsDbPasswd = "/srv/backplane/dns/secure/db_powerdns.passwd";
  backplaneDbPasswd = "/srv/backplane/dns/secure/db_backplane.passwd";
  # NOTE(review): unlike the two files above, no generator entry in this
  # file manages this one -- confirm how it is provisioned and that its
  # owner/mode are as restrictive as the generated files.
  backplaneServicePasswd = "/srv/backplane/dns/secure/backplane.passwd";

  passwordsTarget = "fudo-passwords.target";
  passwordSetter = "postgresql-password-setter.service";

  # Database connections stay on loopback.
  loopback = "127.0.0.1";
in {
  config = {
    # Dedicated system accounts, each the sole member of a same-named group.
    users.users = {
      backplane-powerdns.isSystemUser = true;
      backplane-dns.isSystemUser = true;
    };
    users.groups = {
      backplane-powerdns.members = [ "backplane-powerdns" ];
      backplane-dns.members = [ "backplane-dns" ];
    };

    # Password files: owned by the PostgreSQL superuser, with group set to
    # the consuming service account's group.
    # NOTE(review): the file mode is decided by the fudo module, not here --
    # confirm it is not world-readable.
    fudo.password.file-generator = {
      dns_backplane_powerdns = {
        file = powerdnsDbPasswd;
        user = config.services.postgresql.superUser;
        group = "backplane-powerdns";
        restart-services = [
          "backplane-dns-config-generator.service"
          passwordSetter
          "backplane-powerdns.service"
        ];
      };
      dns_backplane_database = {
        file = backplaneDbPasswd;
        user = config.services.postgresql.superUser;
        group = "backplane-dns";
        restart-services = [
          "backplane-dns.service"
          passwordSetter
        ];
      };
    };

    fudo.postgresql = {
      enable = true;
      required-services = [ passwordsTarget ];

      users = {
        backplane_powerdns = {
          password-file = powerdnsDbPasswd;
          databases.backplane_dns = {
            access = "CONNECT";
            # Earlier, read-only grant kept by the author for reference:
            # entity-access = {
            #   "ALL TABLES IN SCHEMA public" = "SELECT";
            # };
            # NOTE(review): this role now holds full DML on every table in
            # the public schema. Confirm the DNS server needs to write; if it
            # only reads zone data, the SELECT-only grant above is the
            # least-privilege choice.
            entity-access = {
              "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
              "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
            };
          };
        };

        backplane_dns = {
          password-file = backplaneDbPasswd;
          databases.backplane_dns = {
            access = "CONNECT";
            entity-access = {
              "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
              "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
            };
          };
        };
      };

      # NOTE(review): what level of access "users" confers on this database
      # is defined by the fudo.postgresql module -- confirm it is what the
      # named account should have.
      databases.backplane_dns.users = [ "niten" ];
    };

    fudo.backplane.dns = {
      enable = true;
      # The DNS listener is pinned to explicit addresses rather than a
      # wildcard; the database is reached over loopback only.
      listen-v4-addresses = [ "208.81.3.126" ];
      listen-v6-addresses = [ "[2605:e200:d200:1:6d:e2ff:fee1:adca]" ];
      required-services = [ passwordsTarget ];
      user = "backplane-dns";
      group = "backplane-dns";

      # NOTE(review): the service account above is backplane-dns, while the
      # password file read here is generated with group backplane-powerdns.
      # Confirm the module reads it under an identity that is in that group.
      database = {
        username = "backplane_powerdns";
        database = "backplane_dns";
        # An IP literal instead of a hostname, to avoid a cyclical
        # dependency (the author notes it is not really relevant here).
        host = loopback;
        password-file = powerdnsDbPasswd;
      };

      backplane = {
        host = "backplane.fudo.org";
        role = "service-dns";
        password-file = backplaneServicePasswd;
        database = {
          username = "backplane_dns";
          database = "backplane_dns";
          host = loopback;
          password-file = backplaneDbPasswd;
        };
      };
    };
  };
}