{ self, config, lib, pkgs, ... }:
{
  # PowerDNS-Admin web front end for the authoritative PowerDNS node.
  # The whole block is gated on this host being the "primary"; a secondary
  # gets nothing from this module.
  config = lib.mkIf (config.services.powerdns.role == "primary") {
    services = {
      powerdns-admin = {
        # Switched off for now.  The nginx vhost and the ACME certificate
        # further down are still provisioned, so the proxy target simply has
        # nothing listening until this is flipped to true.
        enable = false;

        # Flask secret key and password salt come from files on disk rather
        # than from the world-readable Nix store.
        # NOTE(review): nothing here manages ownership or mode of these two
        # files; they need to be readable by the service user only — confirm.
        secretKeyFile = "/var/lib/pdns/secret.key";
        saltFile = "/var/lib/pdns/salt";

        # Listen on the internal address only; nginx is the public face.
        extraArgs = [ "-b" "10.10.0.1:8000" ];

        # Raw Flask settings handed to PowerDNS-Admin.  The database is reached
        # over the local PostgreSQL socket (BindPaths below makes it visible to
        # the sandboxed unit).  The SAML section (IdP: auth.vapor.systems) is
        # sketched out but fully commented.
        # NOTE(review): before re-enabling SAML, revisit SAML_SIGN_REQUEST,
        # SAML_WANT_MESSAGE_SIGNED and SAML_ASSERTION_ENCRYPTED — all three are
        # False here, i.e. the SP would not require signed IdP messages or
        # encrypted assertions.  Tighten these together with SAML_CERT.
        config = ''
          SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/pdns?host=/run/postgresql'
          # SAML_ENABLED = True
          # SAML_DEBUG = True
          # SAML_METADATA_URL = 'https://auth.vapor.systems/application/saml/powerdns/metadata/'
          # SAML_METADATA_CACHE_LIFETIME = 1
          # SAML_LOGOUT_URL = 'https://auth.vapor.systems/application/saml/powerdns/slo/binding/redirect/'
          # SAML_SP_ENTITY_ID = 'pdns-admin'
          # SAML_SP_CONTACT_NAME = 'me'
          # SAML_SP_CONTACT_MAIL = 'me'
          # SAML_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
          # SAML_ATTRIBUTE_USERNAME = 'http://schemas.goauthentik.io/2021/02/saml/username'
          # SAML_ATTRIBUTE_NAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
          # SAML_ATTRIBUTE_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
          # SAML_ATTRIBUTE_GROUP = 'http://schemas.xmlsoap.org/claims/Group'
          # SAML_GROUP_ADMIN_NAME = 'admin'
          # SAML_SIGN_REQUEST = False
          # SAML_ASSERTION_ENCRYPTED = False
          # SAML_WANT_MESSAGE_SIGNED = False
          # SAML_CERT = '/var/lib/pdns/saml.crt'
        '';
      };

      # TLS terminating reverse proxy in front of the admin UI.  proxyDomain is
      # a flake-local helper (self.lib.nginx); the upstream is plain HTTP on the
      # internal bind address chosen in extraArgs above.
      nginx = {
        enable = true;
        virtualHosts."ns.vapor.systems" =
          self.lib.nginx.proxyDomain "vapor.systems" "http://10.10.0.1:8000";
      };

      # One database shared by the PowerDNS server (role "pdns") and the admin
      # UI (role "powerdnsadmin").  Grants are intentionally left out here.
      # NOTE(review): with the grants commented, neither role gets privileges
      # on "pdns" from this module; on releases where ensurePermissions was
      # removed, ensureDBOwnership = true works for the "pdns" role (name
      # matches the database) and "powerdnsadmin" needs a manual grant — confirm.
      postgresql = {
        ensureDatabases = [ "pdns" ];
        ensureUsers = [
          {
            name = "pdns";
            # ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
          }
          {
            name = "powerdnsadmin";
            # ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
          }
        ];
      };
    };

    # Wildcard SAN on the apex certificate so ns.vapor.systems is covered.
    security.acme.certs."vapor.systems".extraDomainNames = [ "*.vapor.systems" ];

    # Expose the PostgreSQL socket directory inside the unit's mount namespace;
    # the SQLALCHEMY_DATABASE_URI above connects through it.
    systemd.services.powerdns-admin.serviceConfig.BindPaths = [ "/run/postgresql" ];
  };
}