Diffstat (limited to 'modules/powerdns')
-rw-r--r--modules/powerdns/default.nix70
-rw-r--r--modules/powerdns/primary.nix73
2 files changed, 75 insertions, 68 deletions
diff --git a/modules/powerdns/default.nix b/modules/powerdns/default.nix
index d110875..4543940 100644
--- a/modules/powerdns/default.nix
+++ b/modules/powerdns/default.nix
@@ -47,6 +47,8 @@ let
'';
in
{
+ imports = [ ./primary.nix ];
+
options.services.powerdns = {
role = lib.mkOption {
type = lib.types.enum [ "primary" "secondary" ];
@@ -63,73 +65,5 @@ in
else secondary;
secretFile = "/etc/secrets/pdns_api.env";
};
-
- services.powerdns-admin = {
- enable = true;
- secretKeyFile = "/var/lib/pdns/secret.key";
- saltFile = "/var/lib/pdns/salt";
- extraArgs = [ "-b" "10.10.0.1:8000" ];
- config = ''
- SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/pdns?host=/run/postgresql'
- # SAML_ENABLED = True
- # SAML_DEBUG = True
- # SAML_METADATA_URL = 'https://auth.vapor.systems/application/saml/powerdns/metadata/'
- # SAML_METADATA_CACHE_LIFETIME = 1
- # SAML_LOGOUT_URL = 'https://auth.vapor.systems/application/saml/powerdns/slo/binding/redirect/'
- # SAML_SP_ENTITY_ID = 'pdns-admin'
- # SAML_SP_CONTACT_NAME = 'me'
- # SAML_SP_CONTACT_MAIL = 'me'
- # SAML_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
- # SAML_ATTRIBUTE_USERNAME = 'http://schemas.goauthentik.io/2021/02/saml/username'
- # SAML_ATTRIBUTE_NAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
- # SAML_ATTRIBUTE_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
- # SAML_ATTRIBUTE_GROUP = 'http://schemas.xmlsoap.org/claims/Group'
- # SAML_GROUP_ADMIN_NAME = 'admin'
- # SAML_SIGN_REQUEST = False
- # SAML_ASSERTION_ENCRYPTED = False
- # SAML_WANT_MESSAGE_SIGNED = False
- # SAML_CERT = '/var/lib/pdns/saml.crt'
- '';
- };
-
- security.acme.certs = {
- "vapor.systems" = {
- extraDomainNames = [ "*.vapor.systems" ];
- };
- };
-
- services.nginx = {
- enable = true;
- defaultListenAddresses = [ "178.63.224.13" ];
- virtualHosts."ns.vapor.systems" = {
- addSSL = true;
- useACMEHost = "vapor.systems";
- locations."/" = {
- proxyPass = "http://10.10.0.1:8000";
- proxyWebsockets = true;
- extraConfig =
- "proxy_pass_header Authorization;"
- ;
- };
- };
- };
-
- systemd.services.powerdns-admin.serviceConfig = {
- BindPaths = [ "/run/postgresql" ];
- };
-
- services.postgresql = {
- ensureDatabases = [ "pdns" ];
- ensureUsers = [
- {
- name = "pdns";
- ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
- }
- {
- name = "powerdnsadmin";
- ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
- }
- ];
- };
};
}
diff --git a/modules/powerdns/primary.nix b/modules/powerdns/primary.nix
new file mode 100644
index 0000000..bfd9c0c
--- /dev/null
+++ b/modules/powerdns/primary.nix
@@ -0,0 +1,73 @@
+{ config, lib, pkgs, ... }:
+
+{
+ config = lib.mkIf (config.services.powerdns.role == "primary") {
+ services.powerdns-admin = {
+ enable = true;
+ secretKeyFile = "/var/lib/pdns/secret.key";
+ saltFile = "/var/lib/pdns/salt";
+ extraArgs = [ "-b" "10.10.0.1:8000" ];
+ config = ''
+ SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/pdns?host=/run/postgresql'
+ # SAML_ENABLED = True
+ # SAML_DEBUG = True
+ # SAML_METADATA_URL = 'https://auth.vapor.systems/application/saml/powerdns/metadata/'
+ # SAML_METADATA_CACHE_LIFETIME = 1
+ # SAML_LOGOUT_URL = 'https://auth.vapor.systems/application/saml/powerdns/slo/binding/redirect/'
+ # SAML_SP_ENTITY_ID = 'pdns-admin'
+ # SAML_SP_CONTACT_NAME = 'me'
+ # SAML_SP_CONTACT_MAIL = 'me'
+ # SAML_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
+ # SAML_ATTRIBUTE_USERNAME = 'http://schemas.goauthentik.io/2021/02/saml/username'
+ # SAML_ATTRIBUTE_NAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
+ # SAML_ATTRIBUTE_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
+ # SAML_ATTRIBUTE_GROUP = 'http://schemas.xmlsoap.org/claims/Group'
+ # SAML_GROUP_ADMIN_NAME = 'admin'
+ # SAML_SIGN_REQUEST = False
+ # SAML_ASSERTION_ENCRYPTED = False
+ # SAML_WANT_MESSAGE_SIGNED = False
+ # SAML_CERT = '/var/lib/pdns/saml.crt'
+ '';
+ };
+
+ security.acme.certs = {
+ "vapor.systems" = {
+ extraDomainNames = [ "*.vapor.systems" ];
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ defaultListenAddresses = [ "178.63.224.13" ];
+ virtualHosts."ns.vapor.systems" = {
+ addSSL = true;
+ useACMEHost = "vapor.systems";
+ locations."/" = {
+ proxyPass = "http://10.10.0.1:8000";
+ proxyWebsockets = true;
+ extraConfig =
+ "proxy_pass_header Authorization;"
+ ;
+ };
+ };
+ };
+
+ systemd.services.powerdns-admin.serviceConfig = {
+ BindPaths = [ "/run/postgresql" ];
+ };
+
+ services.postgresql = {
+ ensureDatabases = [ "pdns" ];
+ ensureUsers = [
+ {
+ name = "pdns";
+ ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
+ }
+ {
+ name = "powerdnsadmin";
+ ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+ };
+}
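Review bot: The `ns.vapor.systems` virtual host in this new file uses `addSSL = true;`, which serves the PowerDNS-Admin login UI over plain HTTP on port 80 as well as HTTPS, so session cookies and credentials can be sent in cleartext; `forceSSL = true;` would instead 301-redirect all HTTP traffic to HTTPS (the setting was carried over verbatim from default.nix, but primary.nix is now where it lives). The two `ensurePermissions` entries under `services.postgresql.ensureUsers` may also need attention depending on the pinned nixpkgs: that option was deprecated in favour of `ensureDBOwnership`, which only grants ownership of a database whose name equals the role name, so the shared `pdns` database used by both `pdns` and `powerdnsadmin` would need a different grant strategy — worth confirming against the channel in use. A one-line comment above the `lib.mkIf`, e.g. `# Admin UI, its ACME cert and the PostgreSQL roles are only needed on the primary`, would make the gating intent explicit for the next reader.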