sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

more db ip fix test

Browse Source
This commit is contained in:
soraefir
2026-05-06 03:22:55 +02:00
parent e276df28b4
commit f80ba36c2a
2 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
modules/server/database/default.nix
View File

@@ -14,14 +14,17 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
enableTCPIP = true; # Required to listen on network interfaces enableTCPIP = true; # Required to listen on network interfaces
authentication = pkgs.lib.mkOverride 10 '' settings = {
# TYPE DATABASE USER ADDRESS METHOD listen_addresses = lib.mkForce "*";
local all all trust };
host all all 127.0.0.1/32 trust # authentication = pkgs.lib.mkOverride 10 ''
host all all 10.0.0.0/8 scram-sha-256 # # TYPE DATABASE USER ADDRESS METHOD
host all all 169.254.0.0/16 scram-sha-256 # local all all trust
host all all ::1/128 trust # host all all 127.0.0.1/32 trust
''; # host all all 10.0.0.0/8 scram-sha-256
# host all all 169.254.0.0/16 scram-sha-256
# host all all ::1/128 trust
# '';
ensureDatabases = map (name: "${name}_db") allApps; ensureDatabases = map (name: "${name}_db") allApps;
ensureUsers = map (name: { name = "${name}_user"; }) allApps; ensureUsers = map (name: { name = "${name}_user"; }) allApps;
}; };

2
modules/server/nftables/default.nix
View File

@@ -12,7 +12,7 @@
table inet filter { table inet filter {
chain input { chain input {
type filter hook input priority filter; policy accept; type filter hook input priority filter; policy accept;
tcp dport 5432 ip saddr { 10.0.0.0/8 } accept tcp dport 5432 ip saddr { 10.0.0.0/8 169.254.0.0/16 } accept
} }
} }
table inet nat { table inet nat {