diff --git a/modules/powerdns-admin.nix b/modules/powerdns-admin.nix
new file mode 100644
index 0000000..7c4e6bb
--- /dev/null
+++ b/modules/powerdns-admin.nix
@@ -0,0 +1,37 @@
+{ lib, pkgs, config, ... }:
+let
+ cfg = import ./vars.nix;
+ webport = cfg.powerdns-admin.port;
+ webdbport = cfg.powerdns-admin.dbport;
+in
+{
+ imports = [
+ ./podman.nix
+ ./podman-postgresql.nix # for the database
+ #./nginx.nix # for the webserver
+ ];
+
+ sops.secrets."powerdns-admin/db" = { };
+ sops.secrets."powerdns-admin/env" = { };
+
+ #services.podman-postgresql."${pdnsa_database}" = {
+ # enable = true;
+ # image = "docker.io/library/postgres:15-alpine";
+ # port = (lib.strings.toInt webdbport);
+ # passwordFile = config.sops.secrets."powerdns-admin/db".path;
+ #};
+
+ #virtualisation.oci-containers.containers.powerdnsadmin = {
+ # image = "docker.io/powerdnsadmin/pda-legacy";
+ # environment = {
+ # TZ = "Europe/Berlin";
+ # };
+ # environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
+ # ports = [
+ # "${webport}:80"
+ # ];
+ # extraOptions = cfg.podman.extraOptions;
+ #};
+
+}
+# vim: set et ts=2 sw=2 ai:
diff --git a/modules/powerdns.nix b/modules/powerdns.nix
index 3343dde..7dc21dd 100644
--- a/modules/powerdns.nix
+++ b/modules/powerdns.nix
@@ -1,7 +1,10 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, config, ... }:
 let
 #pdns_database = "/var/lib/powerdns/pdns.sqlite3";
 #pdnsa_database = "/var/lib/powerdns-admin/pdnsa.sqlite3";
+ cfg = import ./vars.nix;
+ webport = cfg.powerdns-admin.port;
+ webdbport = cfg.powerdns-admin.dbport;
 pdns_database = "pdns";
 pdns_user = "pdns";
 pdns_password = builtins.readFile /etc/nixos/keys/powerdns-dbpassword;
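Review bot: `sops.secrets."powerdns-admin/db" = { };` and `sops.secrets."powerdns-admin/env" = { };` are the only live declarations in the new modules/powerdns-admin.nix; every consumer of those secrets is commented out, and the `webport`, `webdbport` and `config` bindings are referenced only from the commented blocks, so the secrets are provisioned on the host with nothing reading them. The commented `services.podman-postgresql."${pdnsa_database}"` line also names `pdnsa_database`, which is not bound anywhere in this file, so the block will fail to evaluate the moment it is uncommented; bind it in the `let` (with the value used in modules/powerdns.nix) or import it from vars.nix before then. The same unused `cfg`/`webport`/`webdbport` bindings and `config` argument are added to the `let` of modules/powerdns.nix in the next hunk, and the same commented database/container block appears a second time further down that file, so there are now two copies of scaffolding to keep in sync. I would keep the secret declarations next to their eventual consumer only, and drop the duplicate bindings from whichever module is not going to own the container.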
@@ -12,6 +15,17 @@ let
 pdns_api_key = builtins.readFile /etc/nixos/keys/powerdns-apikey;
 in
 {
+
+ imports = [
+ ./podman.nix
+ ./podman-postgresql.nix # for the database
+ ./postgresql.nix #to be dismissed
+ #./nginx.nix # for the webserver
+ ];
+
+ #sops.secrets."powerdns-admin/db" = { };
+ #sops.secrets."powerdns-admin/env" = { };
+
 services.powerdns = {
 enable = true;
 extraConfig = ''
@@ -22,22 +36,31 @@ in
 gpgsql-password=${pdns_password}
 webserver=yes
 webserver-port=${pdns_web_port}
+ webserver-address=0.0.0.0
+ webserver-allow-from=0.0.0.0/0
 api=yes
 api-key=${pdns_api_key}
 '';
 };
 
- services.powerdns-admin = {
- enable = true;
- secretKeyFile = "/etc/nixos/keys/powerdns-secret";
- saltFile = "/etc/nixos/keys/powerdns-salt";
- extraArgs = [ "-b" "0.0.0.0:8000" ];
- config = ''
- SQLALCHEMY_DATABASE_URI = 'postgresql://${pdnsa_database}@/${pdnsa_database}?host=/run/postgresql'
- '';
- };
+ #services.podman-postgresql."${pdnsa_database}" = {
+ # enable = true;
+ # image = "docker.io/library/postgres:15-alpine";
+ # port = (lib.strings.toInt webdbport);
+ # passwordFile = config.sops.secrets."powerdns-admin/db".path;
+ #};
 
- imports = [ ./postgresql.nix ];
+ #virtualisation.oci-containers.containers.powerdnsadmin = {
+ # image = "docker.io/powerdnsadmin/pda-legacy";
+ # environment = {
+ # TZ = "Europe/Berlin";
+ # };
+ # environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
+ # ports = [
+ # "${webport}:80"
+ # ];
+ # extraOptions = cfg.podman.extraOptions;
+ #};
 
 services.postgresql = {
 ensureDatabases = [ pdns_database pdnsa_database];
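Review bot: `webserver-address=0.0.0.0` combined with `webserver-allow-from=0.0.0.0/0` makes the PowerDNS HTTP API listen on every interface and accept requests from any source address, so the API key is the only control in front of an authoritative server's zone-editing API, and the next hunk opens 8081 in the firewall, so this is reachable rather than merely bound. If the only intended client is the (still commented-out) powerdns-admin container, the allow list should name loopback plus the container network instead of the whole address space, e.g. `webserver-allow-from=127.0.0.1,::1,<container-network-cidr>`, and `webserver-address` can stay on the bridge address rather than `0.0.0.0`. Separately, `api-key=${pdns_api_key}` and `gpgsql-password=${pdns_password}` are `builtins.readFile` results interpolated into `extraConfig`, which places both secrets in the world-readable Nix store; that predates this commit, but since the commit widens who can reach the API it is worth moving them to `services.powerdns.secretFile` substitution in the same change. The `services.postgresql` block that ends this hunk continues outside it.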
@@ -62,18 +85,11 @@ in
 pdnsa_database
 ];
 
- systemd.services."powerdns-admin" = {
- after = [ "postgresql.service" ];
- serviceConfig = {
- BindReadOnlyPaths = [ "/run/postgresql/.s.PGSQL.5432" ];
- };
- };
-
 systemd.services."pdns.service" = {
 after = [ "postgresql.service" ];
 };
 
- networking.firewall.allowedTCPPorts = [ 53 ];
+ networking.firewall.allowedTCPPorts = [ 53 5432 8081 ];
 networking.firewall.allowedUDPPorts = [ 53 ];
 }
diff --git a/modules/vars.nix b/modules/vars.nix
index 180b1fe..9e751e1 100644
--- a/modules/vars.nix
+++ b/modules/vars.nix
@@ -74,6 +74,7 @@
 };
 powerdns-admin.port = "8282";
+ powerdns-admin.dbport = "54322";
 stash.port = "9999";
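Review bot: `networking.firewall.allowedTCPPorts = [ 53 5432 8081 ];` opens PostgreSQL's default port on every interface, while nothing live in this module needs PostgreSQL reachable over TCP: the removed `BindReadOnlyPaths = [ "/run/postgresql/.s.PGSQL.5432" ]` shows the previous consumer used the unix socket, and the container database this commit is preparing is configured from `webdbport`, which vars.nix sets to `"54322"`, so 5432 is exposed and is not even the intended port. 8081 is a literal while the PowerDNS webserver is configured from `${pdns_web_port}` in the hunk above, so the firewall rule and the listener can silently diverge. I would keep `networking.firewall.allowedTCPPorts = [ 53 (lib.strings.toInt pdns_web_port) ];` (assuming `pdns_web_port` is a string, as its interpolation into `extraConfig` suggests) and, if the database port must be reachable from the container at all, open it only on that interface via `networking.firewall.interfaces."<container-bridge>".allowedTCPPorts` rather than globally.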