From f80ba36c2a508203789f5279af12b2a5df368b24 Mon Sep 17 00:00:00 2001
From: soraefir
Date: Wed, 6 May 2026 03:22:55 +0200
Subject: [PATCH] more db ip fix test
---
 modules/server/database/default.nix | 19 +++++++++++--------
 modules/server/nftables/default.nix | 2 +-
 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/modules/server/database/default.nix b/modules/server/database/default.nix
index dcc84f6..9ce0c62 100644
--- a/modules/server/database/default.nix
+++ b/modules/server/database/default.nix
@@ -14,14 +14,17 @@ in {
 services.postgresql = {
 enable = true;
 enableTCPIP = true; # Required to listen on network interfaces
- authentication = pkgs.lib.mkOverride 10 ''
- # TYPE DATABASE USER ADDRESS METHOD
- local all all trust
- host all all 127.0.0.1/32 trust
- host all all 10.0.0.0/8 scram-sha-256
- host all all 169.254.0.0/16 scram-sha-256
- host all all ::1/128 trust
- '';
+ settings = {
+ listen_addresses = lib.mkForce "*";
+ };
+ # authentication = pkgs.lib.mkOverride 10 ''
+ # # TYPE DATABASE USER ADDRESS METHOD
+ # local all all trust
+ # host all all 127.0.0.1/32 trust
+ # host all all 10.0.0.0/8 scram-sha-256
+ # host all all 169.254.0.0/16 scram-sha-256
+ # host all all ::1/128 trust
+ # '';
 ensureDatabases = map (name: "${name}_db") allApps;
 ensureUsers = map (name: { name = "${name}_user"; }) allApps;
 };
diff --git a/modules/server/nftables/default.nix b/modules/server/nftables/default.nix
index 29d5571..6721985 100644
--- a/modules/server/nftables/default.nix
+++ b/modules/server/nftables/default.nix
@@ -12,7 +12,7 @@ table inet filter {
 chain input {
 type filter hook input priority filter; policy accept;
- tcp dport 5432 ip saddr { 10.0.0.0/8 } accept
+ tcp dport 5432 ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
 }
 }
 table inet nat {
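Review bot: Commenting out the `authentication` override while forcing `listen_addresses` to `"*"` leaves pg_hba undeclared in this module, so access from 10.0.0.0/8 and 169.254.0.0/16 now depends on whatever the NixOS module generates by default, which is not visible here and, as far as I know, holds only local-socket and loopback entries. If remote clients are meant to connect, keep an explicit block with just the `host ... scram-sha-256` lines for those ranges instead of carrying it as dead comments; if they are not, delete the comments and drop the wildcard listen address. The old `local all all trust` and loopback `trust` lines should not come back as they were, since `trust` lets any local account connect as any database role; `local all all peer` is the usual replacement. The `ensureUsers` entries in the trailing context set only a name, so the password those roles would need for scram-sha-256 has to be provisioned elsewhere, which is worth confirming. The module body opened by `in {` begins outside the hunk.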
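Review bot: The accept rule for port 5432 does not restrict anything, because the chain's `policy accept;` lets through every packet that matches no rule and no drop rule is visible in the chain, so the database port stays reachable from any source that can reach the host, and over IPv6 in any case since `ip saddr` matches IPv4 only. To make the source list effective, follow it with `tcp dport 5432 drop`, or move the chain to `policy drop` with explicit allowances for loopback, established traffic and the services that must stay open. It is also worth confirming that 169.254.0.0/16 (link-local) is the range the clients really connect from. The ruleset continues past the end of the hunk (`table inet nat {`).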