gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat(postgresql): int access

Browse source
This commit is contained in:
arcnmx 2024-03-25 17:16:36 -07:00
parent 6ad465e779
commit 80a5404d45
7 changed files with 24 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

13
modules/nixos/postgres.nix
View file

@ -40,7 +40,9 @@
allow = mkEnableOption "tailscale TCP connections";
};
int = {
allow = mkEnableOption "internal TCP connections";
allow = mkEnableOption "internal TCP connections" // {
default = config.authentication.local.allow;
};
};
local = {
allow = mkEnableOption "local TCP connections";
@ -87,7 +89,12 @@ in {
)
cfg.ensureUsers);
};
config.networking.firewall.interfaces.local = mkIf cfg.enable {
allowedTCPPorts = mkIf (any (user: user.authentication.local.allow) cfg.ensureUsers) [cfg.port];
config.networking.firewall.interfaces = {
local = mkIf cfg.enable {
allowedTCPPorts = mkIf (any (user: user.authentication.local.allow) cfg.ensureUsers) [cfg.port];
};
int = mkIf cfg.enable {
allowedTCPPorts = mkIf (any (user: user.authentication.int.allow) cfg.ensureUsers) [cfg.port];
};
};
}