sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

more db ip fix test

Browse Source
This commit is contained in:
soraefir
2026-05-06 03:22:55 +02:00
parent e276df28b4
commit f80ba36c2a
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
modules/server/database/default.nix
View File

@@ -14,14 +14,17 @@ in {
services.postgresql = {
enable = true;
enableTCPIP = true; # Required to listen on network interfaces
authentication = pkgs.lib.mkOverride 10 ''
# TYPE DATABASE USER ADDRESS METHOD
local all all trust
host all all 127.0.0.1/32 trust
host all all 10.0.0.0/8 scram-sha-256
host all all 169.254.0.0/16 scram-sha-256
host all all ::1/128 trust
'';
settings = {
listen_addresses = lib.mkForce "*";
};
# authentication = pkgs.lib.mkOverride 10 ''
# # TYPE DATABASE USER ADDRESS METHOD
# local all all trust
# host all all 127.0.0.1/32 trust
# host all all 10.0.0.0/8 scram-sha-256
# host all all 169.254.0.0/16 scram-sha-256
# host all all ::1/128 trust
# '';
ensureDatabases = map (name: "${name}_db") allApps;
ensureUsers = map (name: { name = "${name}_user"; }) allApps;
};

2
modules/server/nftables/default.nix
View File

@@ -12,7 +12,7 @@
table inet filter {
chain input {
type filter hook input priority filter; policy accept;
tcp dport 5432 ip saddr { 10.0.0.0/8 } accept
tcp dport 5432 ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
}
}
table inet nat {