gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix(postgresql): host auth

Browse source
This commit is contained in:
arcnmx 2024-01-23 11:55:26 -08:00
parent 31528db499
commit a8cd175500
1 changed files with 7 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
modules/nixos/postgres.nix
View file

@ -6,8 +6,14 @@
inherit (lib.modules) mkIf mkMerge mkOptionDefault mkDefault;
inherit (lib.options) mkOption mkEnableOption;
inherit (lib.lists) any;
inherit (lib.strings) hasInfix;
inherit (config) networking;
cfg = config.services.postgresql;
formatHost = host:
if hasInfix "/" host then host
else if hasInfix ":" host then "${host}/128"
else if hasInfix "." host then "${host}/32"
else throw "unsupported IP address ${host}";
ensureUserModule = { config, ... }: {
options = with lib.types; {
authentication = {
@ -46,7 +52,7 @@
(mkIf config.authentication.local.allow (cidrForNetwork.loopback.all ++ cidrForNetwork.local.all))
];
authentication = mkMerge (map (host: ''
host ${config.authentication.database} ${config.name} ${host} ${config.authentication.method}
host ${config.authentication.database} ${config.name} ${formatHost host} ${config.authentication.method}
'') config.authentication.hosts);
};
authentication.database = mkIf (config.ensureDBOwnership) (