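# NixOS module fragment: enables PostgreSQL with SCRAM password hashing,
# logical-replication settings, an explicit listen list and a hand-written
# pg_hba policy. Rebuilt from a rendered listing: the interleaved gutter
# "|" lines were dropped and indentation restored; no option value changed.
{ lib, pkgs, ... }:

{
  services.postgresql = {
    enable = true;
    settings = {
      # Set hashing algorithm
      # New or changed role passwords are stored as SCRAM-SHA-256 verifiers.
      # A role whose password was stored in an older format cannot pass the
      # scram-sha-256 rules below until its password is set again.
      password_encryption = "scram-sha-256";

      # Replication conf
      wal_level = "logical";
      max_wal_senders = "5";
      max_replication_slots = "5";
      # mkForce overrides any listen_addresses value defined elsewhere.
      # Besides loopback the server binds 100.123.91.36 (presumably this
      # host's Tailscale address, confirm). Binding is not access control:
      # the pg_hba rules below decide who may authenticate.
      # NOTE(review): confirm the host firewall exposes the PostgreSQL port
      # only on the interface that carries that address.
      listen_addresses = lib.mkForce "127.0.0.1,100.123.91.36";
    };

    # authentication = ''
    # host all replication_user 100.112.93.9/32 scram-sha-256
    # '';

    # mkForce replaces the other definitions of this option instead of merging
    # with them, so the text below is the complete pg_hba policy: a connection
    # that matches none of these rules is rejected.
    #
    # NOTE(review): the replication_user rule has DATABASE = all, so that role
    # may log in to every database from 100.112.93.9. A logical-replication
    # subscriber connects to one named database; listing only the published
    # database (<PUBLISHED_DB>, placeholder) would be tighter.
    #
    # NOTE(review): "host" matches connections with or without TLS. That is
    # acceptable only if the path between the two 100.x peers is already
    # encrypted (the rule's own comment says Tailscale); otherwise use
    # "hostssl".
    #
    # "local all all peer" covers Unix-socket connections and maps the OS user
    # name to the role name; the application roles reach the server over
    # loopback TCP with SCRAM instead.
    authentication = lib.mkForce ''
      # TYPE DATABASE USER ADDRESS AUTH-METHOD

      # Allow the replication subscriber to connect from Tailscale IP
      host all replication_user 100.112.93.9/32 scram-sha-256

      host hexname-backend hexname-backend 127.0.0.1/32 scram-sha-256
      host powerdns powerdns 127.0.0.1/32 scram-sha-256
      local all all peer

      # local all postgres peer
    '';

    # Written as a string, not a Nix path literal, so the file is referenced
    # in place rather than copied into the world-readable Nix store.
    # NOTE(review): if this script sets role passwords, confirm the file on
    # disk is readable only by root and the postgres service user.
    initialScript = "/etc/env/hexname/init-db-dns.sql";
  };
}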