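# NixOS module wiring up the backplane DNS service on this host: a PowerDNS
# instance and the backplane DNS client, both backed by a local PostgreSQL
# database.
#
# Two system accounts are created, one per database role, so that each daemon
# can only read its own credentials:
#   backplane-powerdns  - runs PowerDNS, reads db_powerdns.passwd
#   backplane-dns       - runs the backplane DNS client, reads db_backplane.passwd
# The password files are produced by fudo.password.file-generator, owned by the
# PostgreSQL superuser (so the password-setter can consume them) and readable
# by exactly one service group each.
{ pkgs, lib, config, ... }:

let
  # All generated secrets for this service live in one directory.
  secureDir = "/srv/backplane/dns/secure";
  powerdnsPasswordFile = "${secureDir}/db_powerdns.passwd";
  backplanePasswordFile = "${secureDir}/db_backplane.passwd";
  # Owner of the generated password files; the postgresql-password-setter
  # service runs as this user.
  pgSuperUser = config.services.postgresql.superUser;
  # Both database roles currently receive the same grants on the schema.
  # This was widened from an earlier SELECT-only grant on tables; if either
  # role only needs read access again, narrow it here.
  fullSchemaAccess = {
    "ALL TABLES IN SCHEMA public" = "SELECT,INSERT,UPDATE,DELETE";
    "ALL SEQUENCES IN SCHEMA public" = "SELECT,UPDATE";
  };
in {
  config = {
    users = {
      users = {
        backplane-powerdns = {
          isSystemUser = true;
          # System users need an explicit primary group (NixOS asserts this),
          # and it keeps files created by the daemon owned by its own group.
          group = "backplane-powerdns";
        };
        backplane-dns = {
          isSystemUser = true;
          group = "backplane-dns";
        };
      };

      groups = {
        backplane-powerdns.members = [ "backplane-powerdns" ];
        backplane-dns.members = [ "backplane-dns" ];
      };
    };

    fudo = {
      # Generated database passwords. Group ownership is what limits which
      # daemon can read which secret; the restart list is every unit that
      # caches the credential.
      password.file-generator = {
        dns_backplane_powerdns = {
          file = powerdnsPasswordFile;
          user = pgSuperUser;
          group = "backplane-powerdns";
          restart-services = [
            "backplane-dns-config-generator.service"
            "postgresql-password-setter.service"
            "backplane-powerdns.service"
          ];
        };

        dns_backplane_database = {
          file = backplanePasswordFile;
          user = pgSuperUser;
          group = "backplane-dns";
          restart-services = [
            "backplane-dns.service"
            "postgresql-password-setter.service"
          ];
        };
      };

      postgresql = {
        enable = true;
        # Passwords must exist before the role passwords can be applied.
        required-services = [ "fudo-passwords.target" ];

        users = {
          backplane_powerdns = {
            password-file = powerdnsPasswordFile;
            databases.backplane_dns = {
              access = "CONNECT";
              entity-access = fullSchemaAccess;
            };
          };

          backplane_dns = {
            password-file = backplanePasswordFile;
            databases.backplane_dns = {
              access = "CONNECT";
              entity-access = fullSchemaAccess;
            };
          };
        };

        databases = {
          # NOTE(review): "niten" appears to be a personal account rather than
          # a service role; confirm it still needs access to this database.
          backplane_dns.users = [ "niten" ];
        };
      };

      backplane.dns = {
        enable = true;
        listen-v4-addresses = [ "208.81.3.126" ];
        listen-v6-addresses = [ "[2605:e200:d200:1:6d:e2ff:fee1:adca]" ];
        required-services = [ "fudo-passwords.target" ];
        user = "backplane-dns";
        group = "backplane-dns";

        # Credentials PowerDNS itself uses to reach the local database.
        database = {
          username = "backplane_powerdns";
          database = "backplane_dns";
          # Uses an IP to avoid a cyclical dependency on DNS resolution:
          # this service *is* the resolver.
          host = "127.0.0.1";
          password-file = powerdnsPasswordFile;
        };

        # Backplane client settings; backplane.passwd is not generated in
        # this module and is presumably provisioned elsewhere — TODO confirm.
        backplane = {
          host = "backplane.fudo.org";
          role = "service-dns";
          password-file = "${secureDir}/backplane.passwd";
          database = {
            username = "backplane_dns";
            database = "backplane_dns";
            host = "127.0.0.1";
            password-file = backplanePasswordFile;
          };
        };
      };
    };
  };
}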