diff --git a/.sops.yaml b/.sops.yaml index 14ebb91..909325f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -12,6 +12,7 @@ keys: - &server_monitoring01 age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey - &server_jelly01 age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq - &server_nix-cache01 age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6 + - &server_pgdb1 age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini) key_groups: @@ -29,6 +30,7 @@ creation_rules: - *server_monitoring01 - *server_jelly01 - *server_nix-cache01 + - *server_pgdb1 - path_regex: secrets/ns3/[^/]+\.(yaml|json|env|ini) key_groups: - age: diff --git a/flake.nix b/flake.nix index 6b2ca4d..307af7e 100644 --- a/flake.nix +++ b/flake.nix @@ -279,6 +279,22 @@ sops-nix.nixosModules.sops ]; }; + pgdb1 = nixpkgs.lib.nixosSystem { + inherit system; + specialArgs = { + inherit inputs self sops-nix; + }; + modules = [ + ( + { config, pkgs, ... }: + { + nixpkgs.overlays = [ overlay-unstable ]; + } + ) + ./hosts/pgdb1 + sops-nix.nixosModules.sops + ]; + }; }; }; } diff --git a/hosts/pgdb1/configuration.nix b/hosts/pgdb1/configuration.nix new file mode 100644 index 0000000..7ee76a9 --- /dev/null +++ b/hosts/pgdb1/configuration.nix @@ -0,0 +1,63 @@ +{ + pkgs, + ... +}: + +{ + imports = [ + ../template/hardware-configuration.nix + + ../../system + ../../common/vm + ]; + + nixpkgs.config.allowUnfree = true; + # Use the systemd-boot EFI boot loader. + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + configurationLimit = 3; + }; + + networking.hostName = "pgdb1"; + networking.domain = "home.2rjus.net"; + networking.useNetworkd = true; + networking.useDHCP = false; + services.resolved.enable = true; + networking.nameservers = [ + "10.69.13.5" + "10.69.13.6" + ]; + + systemd.network.enable = true; + systemd.network.networks."ens18" = { + matchConfig.Name = "ens18"; + address = [ + "10.69.13.16/24" + ]; + routes = [ + { Gateway = "10.69.13.1"; } + ]; + linkConfig.RequiredForOnline = "routable"; + }; + time.timeZone = "Europe/Oslo"; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + nix.settings.tarball-ttl = 0; + environment.systemPackages = with pkgs; [ + vim + wget + git + ]; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + system.stateVersion = "23.11"; # Did you read the comment? +} diff --git a/hosts/pgdb1/default.nix b/hosts/pgdb1/default.nix new file mode 100644 index 0000000..68dc978 --- /dev/null +++ b/hosts/pgdb1/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + imports = [ + ./configuration.nix + ../../services/postgres + ]; +} diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index 6209c44..0ba2aa6 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -10,119 +10,128 @@ sops: - recipient: age1lznyk4ee7e7x8n92cq2n87kz9920473ks5u9jlhd3dczfzq4wamqept56u enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1WmRoM3lhZ1RvTDVjcjl4 - bU9tZjZWOFJXcG96Rms2SnduZ2RkRElJQkQwCkJmbTZHc2FvRk5xTzliWHZCVFlh - bnFQcnBFQ2RlQmJnQzdRR2xERHYvSU0KLS0tIHlVOGtsRWdDblUrdFpINmZtYXl0 - Y2VxbzVESi9vSzM4MStWQXFJSHg2aDgKw67BLRhD0WQbr7C2Ho+Di15WfnLPWiWb - MjJyyRsoKohn+E3wdaICs62oiz5Bf8dq9GBsU6VaD/8QtIudJ+hd+A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0cHhMeU5PWmhZSFhvVjJV + OXp6NmdzaDdTeXcyeUdWWi9oZ0gxRWJUcWlBCkU5WW5aYzVCY1ZqVDBmZVd0THdW + V0J5SUcxSkdWZUg1T3F4SzRrSzlWeEkKLS0tIHBkcXhtK1h0clJVa3huR0RGZmdP + RUlOZWI0VHFLV1Q3K3hrK1NIbWNwMncKEfqME0WIDqw9uMTuiIc+F+tmiHMB1EW3 + kmSqblbjYNO+FJY1CwOkYygC8nXlxzXPb1QbsnH14w+SsDpeLhG4mg== -----END AGE ENCRYPTED FILE----- - recipient: age1hz2lz4k050ru3shrk5j3zk3f8azxmrp54pktw5a7nzjml4saudesx6jsl0 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpNkNsRzlZVTJCU0FVczB5 - Z01nZ1UwU0U0WmVOd2xmWjdiblpiUFlVWW1JCkMrR2oxQitGanZuUUtJWEdTVkRR - T3BiSW9qUEl2SWx4UitUT2VRb284QWcKLS0tIEJDZ1hZVEF0bnd3czk3ZXpnWGRS - eHVyZUg5RFhwUU9XbVRxaEcrZFNJdFkKGr7JOBWuwrHNRcW+8S8yMvBADH1VUFUr - V6EcaQukop0l+ZntzlYoZSXrG1TmgZpQqZIsEA0dQqwwsbiyxvMELg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3YlM1MVA0ZkNSYyt3eDlw + aUYwSTRVR1FUYWZNWGRsQ0pnMkdISS91bVVZCmFGNm9keEFSVW1SK2dDME9NTVMy + WEVPWFRWWDg2UlBYb1YrZFc3TUZlSEEKLS0tIG15TjJ6dUVWLzVkaDl1bDU0N1BV + NStjK2ZXZVZJVVU2MTFYNFZ2KzJ3ZkEKhM2Re8f3x1KxJT0oNGBnGMCC9+N6+po+ + Nu7udt9X7sPd/kdj1PMDqFDEBNvhp9nXt6r+2XYql6PjbHeg78K+Ug== -----END AGE ENCRYPTED FILE----- - recipient: age1w2q4gm2lrcgdzscq8du3ssyvk6qtzm4fcszc92z9ftclq23yyydqdga5um enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuc3F1c2wxZVQyNS8rS2ZS - WHJHOWtEbWl4bm5NZVgybzUxaGkrV3I2RndvClowUEszaE55MVFnTFdpSURnbk16 - bFlRS0FDZDZkbFdVeW13dTBaN0w2SjQKLS0tIElYNkxzTVlkWi9qbFZIclRaejN4 - TmdjSVVVeThsUFRienI4b1RpZzVlN0UKCV8SfqIdIMS1GyUl3vBAACiMPlmGv94J - 0qHc1cDqA2O8Fei2AKh4dT00Mw9xugRoAqANwx/vbF3vFjmC/zIs5w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwQUJVZFRFRmE0cGQ0aUs2 + RUt4WDJDSnB6aVhpaHFUazdTcldVQkFFbG5JCnB3VFNmcjRRM3lyanU2ME8wdk5K + UHN5bzRaUG9RN01KRVV2U2gzbzdqcXcKLS0tIG9mK0VicnphYm9Va2NESk5zeWxy + Y2ZFZkFwcXRZSGZSeG9xS2JtZllTc0UKY7HGgtLzbaO8tQOWDj6UUMDOGWO3cbIf + /08r45vCFX4Civ1f0ssPUyFMcY+fPBNIMwR4hq343LwJfw1vY6stAw== -----END AGE ENCRYPTED FILE----- - recipient: age1snmhmpavqy7xddmw4nuny0u4xusqmnqxqarjmghkm5zaluff84eq5xatrd enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwcGdBcFdHUVMva0VjRGJI - aGdGSW1xRk8vb3gzejBJeitBMG8xZUxVYUdvCmF3aWRlNFV3Mk5zNDF1QVdKVCtC - aG5UaCt2UDFibnNMemVBa1YwSEFlVW8KLS0tIGRSZG9SRXhiekVBVUtkNjY2U3RF - S25xejRaNWYrdTJXaUNSVlhteVpxZUEKRsec24lAlB03DoHmbDr8jSCK1HfrZ4iG - +nEHRut0Iz+kUyMr0PS7PdmJd31Y8aqv7TgzHGRsfmznXsE2efw2OA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPWkE3SHR1b0NUQUQ1cjh1 + MEdpZUttMnBRQ1FaanFnMEkrL0ZDVjRBRzFZClFEOFBwQnYwVmlBLytIcU13YnBB + UGRJV2JHOXlIcHRVbzFkQTYrUjhVYUUKLS0tIC8wanFQTi9JdGZWdmhmTEtWT0N2 + QlQvL1NhSnhYYkxYbDBLb2VZWjBJb3MKZJD14vDH2/UAZuiAqD97sz1crlB6wmKI + ddmnaSQBVvA/Quez4uNe64T4ScSvados82U/e4U+saCfarZ3OvrLpg== -----END AGE ENCRYPTED FILE----- - recipient: age12a3nyvjs8jrwmpkf3tgawel3nwcklwsr35ktmytnvhpawqwzrsfqpgcy0q enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYeWNPbVFGbXJxSk5HTDdm - MTlKWUErRUNoTTFQelFYNDhrOGJVUXM1REY0CmNmSU1VT1Q2Wnlpa1llVlBWd1lZ - cFI0bUFqRDVDUkhVUDUvNXhHZFpQZHMKLS0tIG1wSmp1b0RBRm1Rdm55UlNRV3I3 - VUZsTXdVZUZadjhDY0VtajgyVlpFcEUKCW38fV0paaG8Ykjp4ed6EeKWJ93k86X7 - o4mejEcwl8cjD95qHc2zG2D5H7y80vcl/Vb2UOALOf4bKWk7kw3sjw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmWVp0b2tvSFlZbjdqdWgv + Q05lUVp1ZVVKczZ2UXNlcXJxbjNxYmNUT0NZCitQZlBiaEk0K0RSY1pKNU56OFNJ + MTR0dW55M3NxVTY0SjQvOU9PS0IyZUUKLS0tIDhVd3ZXU0czeHlNeEo0ek1KeXFu + dGhJakQ1cmR2MzB4Tnh5WWF4OFdSeW8KK9lU0EdYkqfLGx//hia+oaUl9InV6SKh + t6Oyp+Vlz2YHaSytz1CYuczuHl6BqOWFjzYYA2EqTTxcIEIcpcbyXQ== -----END AGE ENCRYPTED FILE----- - recipient: age1d2w5zece9647qwyq4vas9qyqegg96xwmg6c86440a6eg4uj6dd2qrq0w3l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIQmNTdk5HWWc1ZE54K0hw - dU5Qb1FoNElGQStnYW9KT3o3dzVzeGQ1eUZFCnc0U1RyNkthZlY2RE5QRU9OQzB3 - aFVYV3JyYi91WmQ1Y2pBVVJMeWhKeHcKLS0tIHIzQ2tHb1YvUkxtaVdmc1IwNDZE - NXBtbUI2enJpanpaY1ZhZnU2andQZVkKejClL8wnqbRYPFUi9Vh1BJhvLpqAq9gq - nu+MZUpkEC4K/mn2wBQ9qMkUjpZRv0VcFFvAKIp8FqcwpjH5QWr8nw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBucURtNVJySzgzTzdra3Y5 + clpobjVzSHB3MUw0WUJzTHpyTHhVV0t2WkdzCkNCOWhIa2VjeUVJL2N6TUc0dVNQ + bVFpQk9FYXdTSExLdGZhQVlrRFhFTEEKLS0tIHhzb3I0WGZuZ3NEN1NGVU1ieHBi + WmpNc3FiVXE0TmZSSmpBdTR5MVliMncKHPFOsTF9kZ2mRvzrWDPIe/U9djEN7JyG + 8mSFEN7H6bbA+a9iA5IH8Zvkv37WwzNhU+BU8ZtRvjkcvTjxq9tB/Q== -----END AGE ENCRYPTED FILE----- - recipient: age1gcyfkxh4fq5zdp0dh484aj82ksz66wrly7qhnpv0r0p576sn9ekse8e9ju enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2UEhpNVFTNlpQdyt0cDlX - bkI1YnI3Y2UzMDRyZ1BmMGlSZEhsd1JuQmo4Ck4rV1Z2Z04wTmYvQmlLV1ZwVExU - SmIvUnBabU5ramxrMnhBL2IxZFRCOUUKLS0tIHVURnRsOU1jSW1TNFQ1d1JCeW44 - cFU5NXRVNHJsVmpYSjJZbmFxU2ZTRHcKXedWKUhU2yLunUfr01uDyDNe7DSrQTWk - 8aEWZEJ1JtyfcnnKLO164aRIj2YCiKXcZ+W7Xu8YeyLfHlSI+xMQ5A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXQmlOODV1N3h5Uk83TXhF + UkhFdTg4RWpndkErdFM1dmpHV2paZW9DYjFJCkpJdlhhMjhOd3RRYnJnQ2FQbmtV + ZHJIYTBQTTFKM3U4VEVBT011bkVWS3cKLS0tIE1kRzdaalpCS3g1L3Q4bUhTdU8v + YWJ5b3VCaU1yeURKMStmVnBOdzJVeGMKxJO15Fg4eDn/bpkSilze+iZ23qDAxOSz + kMEGeKGBuWONIL6jjHVO4TaYkt2gMISsM99uJgLYZCWzAUGc8OiK2Q== -----END AGE ENCRYPTED FILE----- - recipient: age1g5luz2rtel3surgzuh62rkvtey7lythrvfenyq954vmeyfpxjqkqdj3wt8 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtTXZGYWx5WUhGeDIzU3dv - Y1R3TVNZRE0zbjFldExxYksremorTmRtMHpZCnVTT2lwZ2RXUXRSM2g5NW04MVBt - eE90ZktFVHluSDZFYk12dURTditTMDQKLS0tIE56eUhYK1R4MzZDalJrcXA2SGVv - S0w2clZXbTZxYmFmcURJc25yYUd1OTQKYZv7uOaw8DsE8HM4EB4Evigm+g7APF1w - l5nZLEVZdaUBTnpbEoOdEZR9g1aHpV4xPcEyL+WapkPdv1DOpE81Jg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTFF1SVpVKzA2aHBFeGJC + Tm1vU1V1SGhqR2t0cllzY3lOZzRRY1ZUc3l3Ck9oTnhUbDJTY3VpbkhOVzRQd0Vh + am93cE0ySUJPaWxnQmJFM095MU5yU3MKLS0tIHAybURnYU9oQVRzNWpDYjVqWWh4 + RysrWHl4K25WcWVIcGdQTEs2ZFY5Y1kKc4F7mRe/BB7v7I0vimQiA2K11l2mcmOi + mOjubEQUkcGtbr2eXajvKEU7Rx/EPWWAZTvOY73n9fc2MQbPt8VEPw== -----END AGE ENCRYPTED FILE----- - recipient: age1gq8434ku0xekqmvnseeunv83e779cg03c06gwrusnymdsr3rpufqx6vr3m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0dWIzbWlxMlhYYWhnWG1r - WnJlSTZaeEQ5elZuVVJWWitIRUNzSEUrU1NzCktIaWFXN1lkeEFtTmw2dTFqY2dN - V3NjRlFVMExPT2FTWmh6WmduSkNqeVkKLS0tIHpJZ0Jkb0FFS0pvb05GMHNvRWRX - eTdlbCtyV09JcGEvbFdLU0haQTMxWHMKxVT+4B984uwhtCvBbxzK5QjFvla9yPTE - 4m8wXWUsJmrJxuSK5I/9wLqH4DnHImODyZp8+PH3nTPmXI1TyrQLew== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5amg3aWVRREFuYklaOVdz + NWZHSzJ3bGF0UGREcUZjeUwvNHBpTTdIdDFnCktUVEZTM3dEOUd1NHpITmgxSWZS + VXFqOFJMdnB2ZDU3azVmaVhIOEQ2SlEKLS0tIFZkYmFseS9VVW9GeDEvd0VaN0d1 + d1JJak1sTE5RWFBNelViRmhic1BSNncK9m0/4CLq53nA7xr7eTLhyvNhvHhTFBFE + e425OfpNYuB/qOq6PcBvRaJrEaNelf9/hXV7Ny/wBy1mzW0G4w0fVA== -----END AGE ENCRYPTED FILE----- - recipient: age1288993th0ge00reg4zqueyvmkrsvk829cs068eekjqfdprsrkeqql7mljk enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNZ2FqOFhhQk1vWEg4YnZG - TDdzMXZzcm80UFh0dnZQUzg4dkFqVHorREY0CmV1NGttd2pDUnNxRDV4TG1DNGI1 - WXNSUXdyUWhhK0dyRVFjOGduMi9hZncKLS0tIHZLRjNtNjVNQXVpWWhtR1h5Rkxu - SmcwOTVVbGZUL0JkcFZnWDlrUmF0cGMKnK/IJQqI3dnFiKtSeIQSz7cQdLeyOyBZ - wByn9C24M6Ah7cUuNqPUIabpmIffMkoPrE4QAw40QebIyANRGBF8PQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGWWk3UDdEb1hlRDgzc0lO + WkZWN3pDVmRqbEhrcXlSRkZwempFZlFIMUJjCng1cmlhOGVEYmQ3dXV1aVRNaWFv + emZWZTZTanZEcTBGRHJHWk94TGg5TUUKLS0tIHI4cXRHRmdYQ2ROWTBmbjJiTTdL + Z1I2blJsRFVvZm5xb2JQQ3RXT2xiYWcKrjLkx4USG75PyHNG+YZGGYP2hRBS3LBy + M+jKO27zg5yFEmukH+kSg1nFWyDyjIQv+FRvbRoakkyN+uprVjRVpg== -----END AGE ENCRYPTED FILE----- - recipient: age1vpns76ykll8jgdlu3h05cur4ew2t3k7u03kxdg8y6ypfhsfhq9fqyurjey enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrME9OcHVVL2RpQXpkZjd6 - eVV4NUZWSFFXRFY2bmtxc3NrNWRNYU1HVUY0ClJ2OWd3U2l4V2pVUlVlOWt4Z2VC - ZDQvTGN1UG9NT1QrN2JrcWRuZHRlaWMKLS0tIGMrTWFPTDg4d3dFdG8vSXZaV1FZ - S2t3dWp5akV4TDFaZ3laTmNjRTVERm8KtOdcTpsu5TniPEiBkiNO/KQRs2P7Igat - 2SoZpn6yIDiZEXdLX0cIlvUPrLR+ESWX/IjbgTY0P4U6RyoSqVMHkA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSMWxhYml3VzRJL1lUMzZD + dGJvazBSOEtzOUpZUzl5akZMZVJhNUtVaERNCitlNll6WkdlOXoyRVNnOVRLMFFj + anE4VlBBUEdkdy9YaVZGNFVmcmIvalkKLS0tIHBwVnMwcjZvemZ2a2NHVDRtUkVs + NEM2UFFaN0JkNCtXRXFhcTRMUnQya2sK1wHKS8h8rbrKjskkfaK2RP1ar2Mf6T/s + RkuoLtdnV0Iadfxf2gfzOVzxlK2XVKmuvY4lFy0jCPU6zH9+VYq0dA== -----END AGE ENCRYPTED FILE----- - recipient: age1hchvlf3apn8g8jq2743pw53sd6v6ay6xu6lqk0qufrjeccan9vzsc7hdfq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdGp2aUJJTEJvdUpSdG85 - eFR0K0JGZ1N0VDhYM3RZY3lhZ1dTOUduUEJvCkJzclhkdHpZWnA2LzRNZnZGQUhW - T0FEdWhGUk5LcHhlWk04Z0w1MHRLbHMKLS0tIEhoM2R4M0Y4MnpteWZkZUpMUjFn - V0tpd0NUOENqUUhzcTRyMnJNMUxLSnMKSSvydvS6LOtP0y6E1VA/MDQhAyMAMbgf - F3dJ0w1dmJDf9nPiXt+UWFf1cn60ulymP5YEgWJbILaSU++nG54MYw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCS29UZWs3VlBBemVpaUs5 + Kzk3cmh3bThLNlhyQ0tNRzllNXVCNDNkZWlZCkNkKy9ValI4dVRraDV6SFZRckFU + R0d0S0pVNzZvVDl2dnM4VzVLR1hLVkEKLS0tIHI5czJhUSszQzQwZ2R0RVdTaUEx + M2UrMklzanIyYytSd1AreFgyM2djSVEKiDeQ0EnL6UKUGxsmvuoD4XWbXzYlvb1H + +eO+cNIQooEWUfh4W59zoa+y0Yp6MT09IpUFNk6IbwyYm8E7jHwDLA== -----END AGE ENCRYPTED FILE----- - recipient: age1a0477laj9sdh79wdas5v7hzk6au8fach74njg8epfw2rdht90qjsakkwd6 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjL3Y4d0JhaEZvZ1UwL0dI - cXM2eHVwWFZkcFphTEIyclVIR2lFWnptK1JzClpONHlsZUIyS0krZ0V0SlZyNGJZ - dEVJY0dlVWsyNG1NSllOSnV3d0FVWVUKLS0tIHorVStkMllBdTJxWElRV0lpUlVG - VUxpR0R1QkduNlpuMFRIN0xzV1daeXMKjMWGfVy5a2UpHKrpUYkvTLJ7jIjj27q3 - TbLu4Y83C0TUDf3fVy7CBTt5OUHY8fyhdvxh+7Che2WKSlbyTwWbvg== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBySk9wZzdqOWRYbUtDQ1ZO + b0t0SkovOGt5RmliMzBZRU5YSG0wZ2dwSDFjCnE0WThjbC9yd1RTS3ZjT1UvNDNL + ZndmdnZNa3JrbXZnbVlWNis0ZDZrWEkKLS0tIHJpNXJsS0l0VzhLM1pQWUtSeXN2 + SkxRTTJIQTcxbTBaVFgvRStCNi9nOEkK1EvAo6sdt0Xy4VdFn+iSfbQcePjEbqI7 + AvJ0C/TmcfbzAJumVGUjBSN82/ZnrfPBpSbBbLheX+aZn1JqsSYJjQ== + -----END AGE ENCRYPTED FILE----- + - recipient: age1ha34qeksr4jeaecevqvv2afqem67eja2mvawlmrqsudch0e7fe7qtpsekv + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEcTliQmhZSlFSbmFWYjN0 + bURsbCtVUWsyMW1ZUmZlWTIzUXJVNGt2MEhRCis2ZnlFeHdBQmp5SStZOGhDTm1Q + akx2WjB3U2lSU0txcytucmNrT2lkOW8KLS0tIEVvRDEycE1rdmhNeXhLckZGM2hp + V0sxMkFxeVdSYjRFS2lmNGdvQTUrM00K2PzXzZsznJgA6hsyyjIqq6p90RGw7iWk + eIo9whQnbqOGTWZYmcv8s5W2DW+6PloB2U8XzTFyS9NJKI7q7jqGfA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-06-02T22:09:06Z" mac: ENC[AES256_GCM,data:cxJq4EMEMVEw0IUXNwtyQj4MaYIJ/Xo4OaY+3VLgIhYw6oBO9CmJxgLuXcSnGnr23oNE5OQF6ALv+vxF46D1pI0V1zhqKL6zMIs0DzPBwo7Arg166w5kGAT274jK7YWymeJ7fafWXYubLlGUthyVJS1BkvlqIhoe2BlTZ3bPyBs=,iv:Z2Uh9Oo4q/ce6DDLShs7JAX3XFNAVOGBmBPvRbGxaaU=,tag:6qZhZ4+tgtXl60b0Lx7Taw==,type:str] diff --git a/services/ns/zones-home-2rjus-net.conf b/services/ns/zones-home-2rjus-net.conf index f344127..595865f 100644 --- a/services/ns/zones-home-2rjus-net.conf +++ b/services/ns/zones-home-2rjus-net.conf @@ -1,7 +1,7 @@ $ORIGIN home.2rjus.net. $TTL 1800 @ IN SOA ns1.home.2rjus.net. admin.test.2rjus.net. ( - 2049 ; serial number + 2050 ; serial number 3600 ; refresh 900 ; retry 1209600 ; expire @@ -58,6 +58,7 @@ monitoring01 IN A 10.69.13.13 jelly01 IN A 10.69.13.14 nix-cache01 IN A 10.69.13.15 nix-cache IN CNAME nix-cache01 +pgdb1 IN A 10.69.13.16 ; http-proxy cnames nzbget IN CNAME http-proxy diff --git a/services/postgres/default.nix b/services/postgres/default.nix new file mode 100644 index 0000000..8fa5b28 --- /dev/null +++ b/services/postgres/default.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + imports = [ + ./postgres.nix + ]; +} diff --git a/services/postgres/postgres.nix b/services/postgres/postgres.nix new file mode 100644 index 0000000..e31624a --- /dev/null +++ b/services/postgres/postgres.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: +{ + services.postgresql = { + enable = true; + enableJIT = true; + enableTCPIP = true; + authentication = '' + # Allow access to everything from gunter + host all all 10.69.30.105/32 scram-sha-256 + ''; + }; +}