authorMax Audron <audron@cocaine.farm>2023-10-08 12:29:39 +0200
committerMax Audron <audron@cocaine.farm>2023-10-08 12:29:39 +0200
commit9466a3ce94b1bb0112a323cefe4a7aaeadf515d9 (patch)
tree090070c6e4ca68cdd584bf72bf47ae486d15a3f7 /modules/powerdns
parentenable acme module (diff)
deploy powerdns admin and tlmp
Diffstat (limited to 'modules/powerdns')
-rw-r--r--modules/powerdns/default.nix69
1 files changed, 65 insertions, 4 deletions
diff --git a/modules/powerdns/default.nix b/modules/powerdns/default.nix
index cca6a03..d110875 100644
--- a/modules/powerdns/default.nix
+++ b/modules/powerdns/default.nix
@@ -64,11 +64,72 @@ in
secretFile = "/etc/secrets/pdns_api.env";
};
- secrets = {
- pdnsAPI = {
- source = ../../secrets/pdns/pdns_api.env;
- dest = "/etc/secrets/pdns_api.env";
+ services.powerdns-admin = {
+ enable = true;
+ secretKeyFile = "/var/lib/pdns/secret.key";
+ saltFile = "/var/lib/pdns/salt";
+ extraArgs = [ "-b" "10.10.0.1:8000" ];
+ config = ''
+ SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/pdns?host=/run/postgresql'
+ # SAML_ENABLED = True
+ # SAML_DEBUG = True
+ # SAML_METADATA_URL = 'https://auth.vapor.systems/application/saml/powerdns/metadata/'
+ # SAML_METADATA_CACHE_LIFETIME = 1
+ # SAML_LOGOUT_URL = 'https://auth.vapor.systems/application/saml/powerdns/slo/binding/redirect/'
+ # SAML_SP_ENTITY_ID = 'pdns-admin'
+ # SAML_SP_CONTACT_NAME = 'me'
+ # SAML_SP_CONTACT_MAIL = 'me'
+ # SAML_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
+ # SAML_ATTRIBUTE_USERNAME = 'http://schemas.goauthentik.io/2021/02/saml/username'
+ # SAML_ATTRIBUTE_NAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
+ # SAML_ATTRIBUTE_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
+ # SAML_ATTRIBUTE_GROUP = 'http://schemas.xmlsoap.org/claims/Group'
+ # SAML_GROUP_ADMIN_NAME = 'admin'
+ # SAML_SIGN_REQUEST = False
+ # SAML_ASSERTION_ENCRYPTED = False
+ # SAML_WANT_MESSAGE_SIGNED = False
+ # SAML_CERT = '/var/lib/pdns/saml.crt'
+ '';
+ };
+
+ security.acme.certs = {
+ "vapor.systems" = {
+ extraDomainNames = [ "*.vapor.systems" ];
};
};
+
+ services.nginx = {
+ enable = true;
+ defaultListenAddresses = [ "178.63.224.13" ];
+ virtualHosts."ns.vapor.systems" = {
+ addSSL = true;
+ useACMEHost = "vapor.systems";
+ locations."/" = {
+ proxyPass = "http://10.10.0.1:8000";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+ };
+
+ systemd.services.powerdns-admin.serviceConfig = {
+ BindPaths = [ "/run/postgresql" ];
+ };
+
+ services.postgresql = {
+ ensureDatabases = [ "pdns" ];
+ ensureUsers = [
+ {
+ name = "pdns";
+ ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
+ }
+ {
+ name = "powerdnsadmin";
+ ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
};
}
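Review bot: The `ns.vapor.systems` virtual host sets `addSSL = true`, which keeps a plain-HTTP listener alongside the TLS one, so the powerdns-admin UI (with the SAML settings left commented out, whatever login the app itself offers) stays reachable over cleartext on the public `defaultListenAddresses` address; `forceSSL = true;` would redirect HTTP to HTTPS instead. Separately, the hunk removes the `secrets.pdnsAPI` entry that placed `/etc/secrets/pdns_api.env`, while the `secretFile = "/etc/secrets/pdns_api.env";` line at the top of the hunk still refers to that path; unless that file is now provisioned outside this module, the API secret will no longer be deployed and the service will start without it. The attribute set these lines belong to begins before the hunk.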