From b5fcbc1a7037b425b71c791c37237647e75a2fca Mon Sep 17 00:00:00 2001
From: "root@procul"
Date: Thu, 19 Nov 2020 16:16:04 -0600
Subject: [PATCH] Local changes to procul
---
 config/fudo/dns.nix | 2 +-
 hosts/procul.nix | 23 ++++++++++++++++++++---
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/config/fudo/dns.nix b/config/fudo/dns.nix
index 9de4805..e61920c 100644
--- a/config/fudo/dns.nix
+++ b/config/fudo/dns.nix
@@ -149,7 +149,7 @@ let
 nsRecords = ns-hosts:
 join-lines ((mapAttrsToList (host: _: "@ IN NS ${host}.") ns-hosts) ++
- (mapAttrsToList (host: ip: "${host} IN A ${ip}") ns-hosts));
+ (mapAttrsToList (host: ip: "${host}. IN A ${ip}") ns-hosts));
 in {
diff --git a/hosts/procul.nix b/hosts/procul.nix
index 3829b15..5272d2a 100644
--- a/hosts/procul.nix
+++ b/hosts/procul.nix
@@ -106,6 +106,15 @@ in {
 ];
 };
+ client.dns = {
+ enable = true;
+ ipv4 = true;
+ ipv6 = true;
+ user = "fudo-client";
+ external-interface = "extif0";
+ password-file = "/srv/client/secure/client.passwd";
+ };
+
 # Not all users need access to procul; don't allow LDAP-user access.
 authentication.enable = false;
@@ -210,15 +219,23 @@ in {
 users = {
 gituser = {
- password = fileContents "/srv/git/secure/db.passwd";
+ password-file = "/srv/git/secure/db.passwd";
 databases = {
- git = "ALL PRIVILEGES";
+ git = {
+ access = "CONNECT";
+ entity-access = {
+ "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
+ "ALL SEQUENCES IN SCHEMA public" = "SELECT, UPDATE";
+ };
+ };
 };
 };
 };
 databases = {
- git = ["niten"];
+ git = {
+ users = ["niten"];
+ };
 };
 };
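Review bot: In config/fudo/dns.nix the A record in nsRecords now appends a dot to `${host}`, so the function depends on every ns-hosts key being a fully-qualified name written without its trailing dot, and nothing in the visible lines checks that. A key that already ends in a dot would render as `host..`, and a short name would become a name directly under the root. The contract is undocumented; I would add above the binding `# ns-hosts keys are FQDNs without the trailing dot; the NS and A records both append it.` The let block that holds nsRecords starts outside the hunk.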
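Review bot: In the first hosts/procul.nix hunk, `password-file = "/srv/client/secure/client.passwd"` names a secret by path, but nothing here records who must own that file or which mode it needs. Whether the client.dns module checks this is not visible in the hunk. A comment on that line would state the expectation, for example `# secret stays outside the Nix store; presumably readable by fudo-client only (0400)`. The attribute set that contains client.dns opens and closes outside the hunk.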
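Review bot: In the gituser block of hosts/procul.nix, the sequence grant `"SELECT, UPDATE"` is wider than least privilege suggests. In PostgreSQL, UPDATE on a sequence permits setval as well as nextval, while USAGE covers nextval and currval without setval, so `"ALL SEQUENCES IN SCHEMA public" = "USAGE";` would be narrower, assuming the module passes the string through to GRANT (not visible here). Separately, a GRANT on `ALL TABLES IN SCHEMA public` covers only objects that exist when it runs, so tables created later stay out of gituser's reach unless the module re-applies the grants or sets default privileges. The two privilege strings also differ in spacing (`SELECT,INSERT,UPDATE,DELETE` against `SELECT, UPDATE`); one form throughout is easier to audit. The surrounding users and databases sets begin outside the hunk.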