privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

cluster/services/dns: use patroni incandescence

Browse source
This commit is contained in:
Max Headroom 2024-08-10 13:06:59 +02:00
parent 6d78b69601
commit 5d9ff62afe
2 changed files with 15 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
cluster/services/dns/authoritative.nix
View file

@ -43,9 +43,6 @@ in {
links.localAuthoritativeDNS = {}; links.localAuthoritativeDNS = {};
age.secrets = { age.secrets = {
acmeDnsDbCredentials = {
file = ./acme-dns-db-credentials.age;
};
acmeDnsDirectKey = { acmeDnsDirectKey = {
file = ./acme-dns-direct-key.age; file = ./acme-dns-direct-key.age;
}; };
@ -78,8 +75,12 @@ in {
}; };
}; };
services.locksmith.waitForSecrets.acme-dns = [
"patroni-acmedns"
];
systemd.services.acme-dns.serviceConfig.EnvironmentFile = with config.age.secrets; [ systemd.services.acme-dns.serviceConfig.EnvironmentFile = with config.age.secrets; [
acmeDnsDbCredentials.path "/run/locksmith/patroni-acmedns"
acmeDnsDirectKey.path acmeDnsDirectKey.path
]; ];

10
cluster/services/dns/default.nix
View file

@ -58,6 +58,16 @@ in
}; };
}; };
patroni = {
databases.acmedns = {};
users.acmedns = {
locksmith = {
nodes = config.services.dns.nodes.authoritative;
format = "envFile";
};
};
};
dns.records = { dns.records = {
securedns.consulService = "securedns"; securedns.consulService = "securedns";
"acme-dns-challenge.internal".consulService = "acme-dns"; "acme-dns-challenge.internal".consulService = "acme-dns";