Local changes to procul

2020-11-19 16:16:04 -06:00 · 2020-11-19 16:16:04 -06:00 · b5fcbc1a70
parent 0740a6f0d1
commit b5fcbc1a70
2 changed files with 21 additions and 4 deletions
--- a/config/fudo/dns.nix
+++ b/config/fudo/dns.nix
@ -149,7 +149,7 @@ let

  nsRecords = ns-hosts:
    join-lines ((mapAttrsToList (host: _: "@ IN NS ${host}.") ns-hosts) ++
-                (mapAttrsToList (host: ip: "${host} IN A ${ip}") ns-hosts));
+                (mapAttrsToList (host: ip: "${host}. IN A ${ip}") ns-hosts));

 in {

--- a/hosts/procul.nix
+++ b/hosts/procul.nix
@ -106,6 +106,15 @@ in {
      ];
    };

+    client.dns = {
+      enable = true;
+      ipv4 = true;
+      ipv6 = true;
+      user = "fudo-client";
+      external-interface = "extif0";
+      password-file = "/srv/client/secure/client.passwd";
+    };
+
    # Not all users need access to procul; don't allow LDAP-user access.
    authentication.enable = false;

@ -210,15 +219,23 @@ in {

      users = {
        gituser = {
-          password = fileContents "/srv/git/secure/db.passwd";
+          password-file = "/srv/git/secure/db.passwd";
          databases = {
-            git = "ALL PRIVILEGES";
+            git = {
+              access = "CONNECT";
+              entity-access = {
+                "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
+                "ALL SEQUENCES IN SCHEMA public" = "SELECT, UPDATE";
+              };
+            };
          };
        };
      };

      databases = {
-        git = ["niten"];
+        git = {
+          users = ["niten"];
+        };
      };
    };