stash some pdns changes

modules/powerdns-admin.nix

@@ -0,0 +1,37 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = import ./vars.nix;
+  webport = cfg.powerdns-admin.port;
+  webdbport = cfg.powerdns-admin.dbport;
+in
+{
+  imports = [
+    ./podman.nix
+    ./podman-postgresql.nix # for the database
+    #./nginx.nix             # for the webserver
+  ];
+
+  sops.secrets."powerdns-admin/db" = { };
+  sops.secrets."powerdns-admin/env" = { };
+
+  #services.podman-postgresql."${pdnsa_database}" = {
+  #  enable = true;
+  #  image = "docker.io/library/postgres:15-alpine";
+  #  port = (lib.strings.toInt webdbport);
+  #  passwordFile = config.sops.secrets."powerdns-admin/db".path;
+  #};
+
+  #virtualisation.oci-containers.containers.powerdnsadmin = {
+  #  image = "docker.io/powerdnsadmin/pda-legacy";
+  #  environment = {
+  #    TZ = "Europe/Berlin";
+  #  };
+  #  environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
+  #  ports = [
+  #    "${webport}:80"
+  #  ];
+  #  extraOptions = cfg.podman.extraOptions;
+  #};
+
+}
+# vim: set et ts=2 sw=2 ai:

modules/powerdns.nix

@@ -1,7 +1,10 @@
-{ lib, pkgs, ... }:
+{ lib, pkgs, config, ... }:
 let
   #pdns_database = "/var/lib/powerdns/pdns.sqlite3";
   #pdnsa_database = "/var/lib/powerdns-admin/pdnsa.sqlite3";
+  cfg = import ./vars.nix;
+  webport = cfg.powerdns-admin.port;
+  webdbport = cfg.powerdns-admin.dbport;
   pdns_database = "pdns";
   pdns_user = "pdns";
   pdns_password = builtins.readFile /etc/nixos/keys/powerdns-dbpassword;
@@ -12,6 +15,17 @@ let
   pdns_api_key = builtins.readFile /etc/nixos/keys/powerdns-apikey;
 in
 {
+
+  imports = [
+    ./podman.nix
+    ./podman-postgresql.nix # for the database
+    ./postgresql.nix #to be dismissed
+    #./nginx.nix             # for the webserver
+  ];
+
+  #sops.secrets."powerdns-admin/db" = { };
+  #sops.secrets."powerdns-admin/env" = { };
+
   services.powerdns = {
     enable = true;
     extraConfig = ''
@@ -22,22 +36,31 @@ in
       gpgsql-password=${pdns_password}
       webserver=yes
       webserver-port=${pdns_web_port}
+      webserver-address=0.0.0.0
+      webserver-allow-from=0.0.0.0/0
       api=yes
       api-key=${pdns_api_key}
     '';
   };
 
-  services.powerdns-admin = {
+  #services.podman-postgresql."${pdnsa_database}" = {
-    enable = true;
+  #  enable = true;
-    secretKeyFile = "/etc/nixos/keys/powerdns-secret";
+  #  image = "docker.io/library/postgres:15-alpine";
-    saltFile = "/etc/nixos/keys/powerdns-salt";
+  #  port = (lib.strings.toInt webdbport);
-    extraArgs = [ "-b" "0.0.0.0:8000" ];
+  #  passwordFile = config.sops.secrets."powerdns-admin/db".path;
-    config = ''
+  #};
-      SQLALCHEMY_DATABASE_URI = 'postgresql://${pdnsa_database}@/${pdnsa_database}?host=/run/postgresql'
-    '';
-  };
 
-  imports = [ ./postgresql.nix ];
+  #virtualisation.oci-containers.containers.powerdnsadmin = {
+  #  image = "docker.io/powerdnsadmin/pda-legacy";
+  #  environment = {
+  #    TZ = "Europe/Berlin";
+  #  };
+  #  environmentFiles = [ config.sops.secrets."powerdns-admin/env".path ];
+  #  ports = [
+  #    "${webport}:80"
+  #  ];
+  #  extraOptions = cfg.podman.extraOptions;
+  #};
 
   services.postgresql = {
     ensureDatabases = [ pdns_database pdnsa_database];
@@ -62,18 +85,11 @@ in
     pdnsa_database
   ];
 
-  systemd.services."powerdns-admin" = {
-    after = [ "postgresql.service" ];
-    serviceConfig = {
-      BindReadOnlyPaths = [ "/run/postgresql/.s.PGSQL.5432" ];
-    };
-  };
-
   systemd.services."pdns.service" = {
     after = [ "postgresql.service" ];
   };
 
-  networking.firewall.allowedTCPPorts = [ 53 ];
+  networking.firewall.allowedTCPPorts = [ 53 5432 8081 ];
   networking.firewall.allowedUDPPorts = [ 53 ];
 }
 

modules/vars.nix

@@ -74,6 +74,7 @@
   };
 
   powerdns-admin.port = "8282";
+  powerdns-admin.dbport = "54322";
 
   stash.port = "9999";