{ self, config, lib, pkgs, ... }:
# NixOS module: on the primary PowerDNS host, run PowerDNS-Admin behind nginx
# with a local PostgreSQL backend and a wildcard ACME certificate.
let
  # `services.powerdns.role` is not an upstream NixOS option; presumably a
  # sibling module of this flake declares it — confirm before relying on it.
  isPrimary = config.services.powerdns.role == "primary";

  # State directory shared with the pdns server; the admin secrets live here.
  pdnsStateDir = "/var/lib/pdns";

  # Address the Flask app listens on and the one nginx proxies to.  This is
  # plain HTTP on a non-loopback (RFC1918) address: any host that can reach
  # 10.10.0.1:8000 talks to the admin UI directly, bypassing the TLS vhost
  # below.  If that interface is not strictly internal, bind to 127.0.0.1
  # (and point nginx there) or firewall the port.
  adminBindAddr = "10.10.0.1:8000";
  adminUpstream = "http://${adminBindAddr}";

  pdaPkg = pkgs.powerdns-admin;

  # Pre-start command: apply the bundled Alembic migrations with Flask's CLI.
  # Assembled from parts so each argument is visible; the joined string is the
  # systemd ExecStartPre line.
  migrateCmd = lib.concatStringsSep " " [
    "${pkgs.coreutils}/bin/env"
    "FLASK_APP=${pdaPkg}/share/powerdnsadmin/__init__.py"
    "SESSION_TYPE=sqlalchemy"
    "${pkgs.python3Packages.flask}/bin/flask"
    "db"
    "upgrade"
    "-d"
    "${pdaPkg}/share/migrations"
  ];
in
{
  config = lib.mkIf isPrimary {

    # Roles for the pdns server and the admin UI.  Note that no privileges on
    # the `pdns` database are granted here (the `ensurePermissions` lines are
    # commented out, and that option was removed from newer NixOS releases), so
    # schema/table grants for both roles must be handled out of band — check
    # that `flask db upgrade` below actually has CREATE rights on first boot.
    services.postgresql = {
      ensureDatabases = [ "pdns" ];
      ensureUsers = [
        {
          name = "pdns";
          # ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
        }
        {
          name = "powerdnsadmin";
          # ensurePermissions = { "DATABASE pdns" = "ALL PRIVILEGES"; };
        }
      ];
    };

    services.powerdns-admin = {
      enable = true;

      # Flask session signing key and password salt.  Neither file is
      # provisioned by this module; they must exist, be readable by the
      # powerdns-admin unit, and not be world-readable.
      secretKeyFile = "${pdnsStateDir}/secret.key";
      saltFile = "${pdnsStateDir}/salt";

      extraArgs = [ "-b" adminBindAddr ];

      # Application config.  The database URI connects over the Unix socket, so
      # there is no password in this file; authentication is whatever
      # pg_hba.conf allows for local connections (peer auth by default).
      #
      # The SAML block is a disabled template.  As written it turns OFF request
      # signing, assertion encryption and the requirement for signed messages;
      # if it is ever enabled, require signed responses/assertions (confirm
      # which of powerdns-admin's SAML_WANT_* options maps to
      # wantAssertionsSigned) — otherwise anyone who can reach the ACS
      # endpoint can forge an assertion claiming the `admin` group.  The
      # contact name/mail values are placeholders.
      config = ''
        SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/pdns?host=/run/postgresql'
        # SAML_ENABLED = True
        # SAML_DEBUG = True
        # SAML_METADATA_URL = 'https://auth.vapor.systems/application/saml/powerdns/metadata/'
        # SAML_METADATA_CACHE_LIFETIME = 1
        # SAML_LOGOUT_URL = 'https://auth.vapor.systems/application/saml/powerdns/slo/binding/redirect/'
        # SAML_SP_ENTITY_ID = 'pdns-admin'
        # SAML_SP_CONTACT_NAME = 'me'
        # SAML_SP_CONTACT_MAIL = 'me'
        # SAML_NAMEID_FORMAT = 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent'
        # SAML_ATTRIBUTE_USERNAME = 'http://schemas.goauthentik.io/2021/02/saml/username'
        # SAML_ATTRIBUTE_NAME = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
        # SAML_ATTRIBUTE_EMAIL = 'http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'
        # SAML_ATTRIBUTE_GROUP = 'http://schemas.xmlsoap.org/claims/Group'
        # SAML_GROUP_ADMIN_NAME = 'admin'
        # SAML_SIGN_REQUEST = False
        # SAML_ASSERTION_ENCRYPTED = False
        # SAML_WANT_MESSAGE_SIGNED = False
        # SAML_CERT = '/var/lib/pdns/saml.crt'
      '';
    };

    # Overrides the module's own pre-start so migrations run from the packaged
    # migration directory on every unit start.  BindPaths exposes the
    # PostgreSQL socket into the unit's namespace — presumably the upstream
    # unit runs with a private filesystem; verify the sandbox is still intact.
    systemd.services.powerdns-admin.serviceConfig = {
      ExecStartPre = lib.mkForce migrateCmd;
      BindPaths = [ "/run/postgresql" ];
    };

    # Wildcard SAN requires the DNS-01 challenge; the provider/credential
    # settings for it are not in this file.
    security.acme.certs."vapor.systems".extraDomainNames = [ "*.vapor.systems" ];

    # Public entry point.  `proxyDomain` is a flake-local helper; whether it
    # forces HTTPS/HSTS and which ACME host it uses is decided there, not here.
    services.nginx = {
      enable = true;
      virtualHosts."ns.vapor.systems" =
        self.lib.nginx.proxyDomain "vapor.systems" adminUpstream;
    };
  };
}