feat(ops/nixos): Use database password for Panettone
It appears this didn't even *work* without a password, so we've been forced into being more secure. Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
This commit is contained in:
Griffin Smith
glittershark
parent
b2c34c4ba3
commit
d9262bd6c6
2 changed files with 18 additions and 6 deletions
|
|
@ -221,6 +221,7 @@ in lib.fix(self: {
|
|||
enable = true;
|
||||
dbUser = "panettone";
|
||||
dbName = "panettone";
|
||||
secretsFile = "/etc/secrets/panettone";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -228,10 +229,12 @@ in lib.fix(self: {
|
|||
enable = true;
|
||||
enableTCPIP = true;
|
||||
|
||||
authentication = lib.mkOverride 10 ''
|
||||
authentication = lib.mkForce ''
|
||||
local all all trust
|
||||
host all all ::1/128 trust
|
||||
hostnossl all all ::1/128 trust
|
||||
host all all 127.0.0.1/32 password
|
||||
host all all ::1/128 password
|
||||
hostnossl all all 127.0.0.1/32 password
|
||||
hostnossl all all ::1/128 password
|
||||
'';
|
||||
|
||||
ensureDatabases = [
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue