diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index dcc84f6..9ce0c62 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -14,14 +14,17 @@ in {
 services.postgresql = {
 enable = true;
 enableTCPIP = true; # Required to listen on network interfaces
- authentication = pkgs.lib.mkOverride 10 ''
- # TYPE DATABASE USER ADDRESS METHOD
- local all all trust
- host all all 127.0.0.1/32 trust
- host all all 10.0.0.0/8 scram-sha-256
- host all all 169.254.0.0/16 scram-sha-256
- host all all ::1/128 trust
- '';
+ settings = {
+ listen_addresses = lib.mkForce "*";
+ };
+ # authentication = pkgs.lib.mkOverride 10 ''
+ # # TYPE DATABASE USER ADDRESS METHOD
+ # local all all trust
+ # host all all 127.0.0.1/32 trust
+ # host all all 10.0.0.0/8 scram-sha-256
+ # host all all 169.254.0.0/16 scram-sha-256
+ # host all all ::1/128 trust
+ # '';
 ensureDatabases = map (name: "${name}_db") allApps;
 ensureUsers = map (name: { name = "${name}_user"; }) allApps;
 };
diff --git a/modules/server/nftables/default.nix b/modules/server/nftables/default.nix
index 29d5571..6721985 100644
--- a/modules/server/nftables/default.nix
+++ b/modules/server/nftables/default.nix
@@ -12,7 +12,7 @@ table inet filter { chain input { type filter hook input priority filter; policy accept;
- tcp dport 5432 ip saddr { 10.0.0.0/8 } accept
+ tcp dport 5432 ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
 }
 }
 table inet nat {
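Review bot: With the `authentication` block commented out and `listen_addresses` forced to `"*"`, modules/server/database/default.nix no longer states who may connect to PostgreSQL or how they authenticate; the effective pg_hba.conf becomes whatever the NixOS module generates by default, which presumably covers only the local socket and loopback. If so, clients in 10.0.0.0/8 and 169.254.0.0/16 are rejected even though the nftables rule in this commit admits them, and a later fix made by un-commenting the block would bring back `trust` for socket and loopback connections. I would keep the policy explicit and drop `trust`, using `peer` on the socket and `scram-sha-256` on every `host` line as sketched below; role passwords then have to be provisioned, which `ensureUsers` as shown does not do. `lib` is used unqualified here while the removed code used `pkgs.lib`, so confirm it is among the module's arguments.

```nix
  settings = {
    listen_addresses = lib.mkForce "*";
  };
  # Explicit client authentication policy; no passwordless `trust` entries.
  # `peer` on the socket requires the OS user name to match the role name.
  authentication = pkgs.lib.mkOverride 10 ''
    # TYPE  DATABASE  USER  ADDRESS          METHOD
    local   all       all                    peer
    host    all       all   127.0.0.1/32     scram-sha-256
    host    all       all   ::1/128          scram-sha-256
    host    all       all   10.0.0.0/8       scram-sha-256
    host    all       all   169.254.0.0/16   scram-sha-256
  '';
  # … unchanged: ensureDatabases, ensureUsers …
```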
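Review bot: The `accept` rule for port 5432 in modules/server/nftables/default.nix restricts nothing, because the `input` chain's `policy accept` also admits every source the rule does not match, and the chain as shown holds no drop or reject for that port. With PostgreSQL set to listen on all interfaces by the database module in this commit, this table leaves 5432 reachable from any address unless another table or the NixOS firewall filters it. Add `tcp dport 5432 drop` directly after the accept rule, or move the chain to `policy drop` with explicit accepts for established traffic and loopback. The Nix string that holds the ruleset starts and ends outside the hunk.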