add database host
parent
b30161c739
commit
01e86c277b
5 changed files with 58 additions and 22 deletions
24
flake.lock
24
flake.lock
|
@ -420,11 +420,11 @@
|
||||||
"utils": "utils_3"
|
"utils": "utils_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664449551,
|
"lastModified": 1664573442,
|
||||||
"narHash": "sha256-iTStJtZB1+MppkT+95Ckqy2NDaISb+QcUkOAa0DS0io=",
|
"narHash": "sha256-AovlSIuJfMf8n9QLNUVtsCul+NVHIoen7APH2fLls3k=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "864ff685fe6443101a0a8f3950d21bcb4330e56a",
|
"rev": "a7f0cc2d7b271b4a5df9b9e351d556c172f7e903",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -439,11 +439,11 @@
|
||||||
"wlroots": "wlroots"
|
"wlroots": "wlroots"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664477193,
|
"lastModified": 1664617133,
|
||||||
"narHash": "sha256-W8pe+3wrAUjtexyd6ve4qZGLOWzfqqXKyieY3Q3ntsY=",
|
"narHash": "sha256-ogDblDyvM8KgJEmidcmrQbBEFVYleAPLeoyuioCXYa4=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "Hyprland",
|
"repo": "Hyprland",
|
||||||
"rev": "da40bf823f2f307e439f4bd85c405d9e612c2df5",
|
"rev": "590fbf808b60baceef3b021050dae4c409121bf5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -550,11 +550,11 @@
|
||||||
"utils": "utils_5"
|
"utils": "utils_5"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664416713,
|
"lastModified": 1664504390,
|
||||||
"narHash": "sha256-EBlFsuwJKak5l9UpSXKgTiUL30kjuKeWMNsJZOGbhA8=",
|
"narHash": "sha256-H7p9P2oxLiPYCYpbFFkECJ95+dwR0g83rYJJhYIbo/E=",
|
||||||
"owner": "jyooru",
|
"owner": "jyooru",
|
||||||
"repo": "nix-minecraft-servers",
|
"repo": "nix-minecraft-servers",
|
||||||
"rev": "520d55ed44be7806138216e9ebe84bfcf641e999",
|
"rev": "d3eed15d776fe50786913047f0764efd917ea351",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -826,11 +826,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1664388710,
|
"lastModified": 1664557358,
|
||||||
"narHash": "sha256-SbaZu/HVBVelLGYFPdZ2IteHS6rBaa8as/iEIvEmNz4=",
|
"narHash": "sha256-ok/e+vBUyt3OhdG0ND7d0INxAA5w9+SRxGlUtao0nv4=",
|
||||||
"owner": "DeterminateSystems",
|
"owner": "DeterminateSystems",
|
||||||
"repo": "riff",
|
"repo": "riff",
|
||||||
"rev": "c47ff5c960f11c372a5b6d96182a88ee22dc30dd",
|
"rev": "8a11573a00386a5849af5534b5d0336092299eef",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -1,9 +1,6 @@
|
||||||
{ config, lib, pkgs, inputs, ... }:
|
{ config, lib, pkgs, inputs, ... }: {
|
||||||
|
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.vault-secrets.nixosModules.vault-secrets
|
inputs.vault-secrets.nixosModules.vault-secrets
|
||||||
# User account definitions
|
|
||||||
./users
|
./users
|
||||||
./modules
|
./modules
|
||||||
];
|
];
|
||||||
|
@ -67,16 +64,20 @@
|
||||||
MaxFileSec=7day
|
MaxFileSec=7day
|
||||||
'';
|
'';
|
||||||
|
|
||||||
# Enable SSH daemon support.
|
# Enable SSH
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
passwordAuthentication = false;
|
passwordAuthentication = false;
|
||||||
permitRootLogin = "no";
|
permitRootLogin = "no";
|
||||||
};
|
};
|
||||||
|
|
||||||
vault-secrets = lib.mkIf (config.networking.domain == "olympus") {
|
# Configure vault-secrets based on domain
|
||||||
vaultPrefix = "olympus_secrets/nixos";
|
vault-secrets = let
|
||||||
vaultAddress = "http://vault.olympus:8200/";
|
inherit (config.networking) domain hostName;
|
||||||
approlePrefix = "olympus-${config.networking.hostName}";
|
server = if domain == "olympus" then "vault" else "vault-0";
|
||||||
|
in lib.mkIf (domain == "olympus" || domain == "hades") {
|
||||||
|
vaultPrefix = "${domain}_secrets/nixos";
|
||||||
|
vaultAddress = "http://${server}.${domain}:8200/";
|
||||||
|
approlePrefix = "${domain}-${hostName}";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
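Review bot: The new `vaultAddress = "http://${server}.${domain}:8200/";` keeps Vault on plain HTTP and now applies it to the hades domain as well, so AppRole credentials and the secrets fetched with them would cross the network unencrypted. If the Vault listeners can serve TLS, the change is `vaultAddress = "https://${server}.${domain}:8200/";`; if the link is protected some other way, a comment on that line saying so would help the next reader. The `else "vault-0"` branch of `server` is only right while the `lib.mkIf` guard lists exactly olympus and hades, so a third domain added to the guard would silently be pointed at `vault-0`. The enclosing module body starts outside this hunk.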
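--- a/nixos/hosts/hades/database/configuration.nix
+++ b/nixos/hosts/hades/database/configuration.nix
@@ -0,0 +1,35 @@
+{ config, pkgs, ... }:
+let vs = config.vault-secrets.secrets;
+in {
+networking.interfaces.eth0.useDHCP = true;
+
+networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
+
+vault-secrets.secrets.database = {
+user = "postgres";
+group = "postgres";
+};
+
+services.postgresql = {
+enable = true;
+package = pkgs.postgresql_13;
+enableTCPIP = true;
+extraPlugins = [ ];
+initdbArgs = [
+"--encoding 'UTF-8'"
+"--lc-collate='en_US.UTF-8'"
+"--lc-ctype='en_US.UTF-8'"
+];
+authentication = ''
+host all all 192.168.0.1/23 md5
+host all all 10.10.10.0/24 md5
+'';
+initialScript = "${vs.database}/initialScript";
+settings = {
+shared_preload_libraries = "pg_stat_statements";
+"pg_stat_statements.track" = "all";
+"pg_stat_statements.max" = 10000;
+track_activity_query_size = 2048;
+};
+};
+}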
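Review bot: The two `authentication` rules admit every role to every database from two whole subnets using `md5`, and the same file opens the PostgreSQL port in the firewall with no TLS setting visible, so password authentication relies on a weak challenge-response over an unencrypted connection. PostgreSQL 13 supports SCRAM, so the rules could read `host all all 192.168.0.0/23 scram-sha-256` and `host all all 10.10.10.0/24 scram-sha-256`, with `password_encryption = "scram-sha-256";` added under `settings` so that newly set passwords are stored as SCRAM verifiers. The first rule is written as `192.168.0.1/23`, with host bits set; presumably the network `192.168.0.0/23` is meant. Narrowing `all all` to the databases and roles that actually connect remotely would cut the exposure further.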
|
@ -121,7 +121,6 @@
|
||||||
hostname = "database";
|
hostname = "database";
|
||||||
ip = "192.168.0.126";
|
ip = "192.168.0.126";
|
||||||
mac = "82:e8:71:7f:37:b4";
|
mac = "82:e8:71:7f:37:b4";
|
||||||
nix = false;
|
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostname = "dn42";
|
hostname = "dn42";
|
||||||
|
|
|
@ -98,6 +98,7 @@ in {
|
||||||
package = pkgs.gitAndTools.gitFull;
|
package = pkgs.gitAndTools.gitFull;
|
||||||
userName = "Victor";
|
userName = "Victor";
|
||||||
userEmail = "victor@xirion.net";
|
userEmail = "victor@xirion.net";
|
||||||
|
lfs.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.mako = {
|
programs.mako = {
|
||||||
|
|