cluster/services/dns: use patroni incandescence

Max Headroom 2024-08-10 13:06:59 +02:00
parent 39294744df
commit 68355bb656
2 changed files with 15 additions and 4 deletions


@ -43,9 +43,6 @@ in {
links.localAuthoritativeDNS = {};
age.secrets = {
acmeDnsDbCredentials = {
file = ./acme-dns-db-credentials.age;
};
acmeDnsDirectKey = {
file = ./acme-dns-direct-key.age;
};
@ -78,8 +75,12 @@ in {
};
};
services.locksmith.waitForSecrets.acme-dns = [
"patroni-acmedns"
];
systemd.services.acme-dns.serviceConfig.EnvironmentFile = with config.age.secrets; [
acmeDnsDbCredentials.path
"/run/locksmith/patroni-acmedns"
acmeDnsDirectKey.path
];
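Review bot: In the `EnvironmentFile` list, the new entry `"/run/locksmith/patroni-acmedns"` is a hand-written path that must stay in step with the `"patroni-acmedns"` name given to `services.locksmith.waitForSecrets.acme-dns`; if the two drift, the unit either waits on the wrong secret or fails at start on a missing file. Binding the name once, for example `dbSecret = "patroni-acmedns";` and then `"/run/locksmith/${dbSecret}"`, keeps them together. Separately, the diffstat lists only two changed files, so `acme-dns-db-credentials.age` presumably remains in the tree; the old database password should be rotated or revoked and the file removed once the locksmith-issued credential is in use. It is also worth confirming that the locksmith env file exports the same variable name that the acme-dns configuration previously read from the age secret, which is not visible in these hunks.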


@ -58,6 +58,16 @@ in
};
};
patroni = {
databases.acmedns = {};
users.acmedns = {
locksmith = {
nodes = config.services.dns.nodes.authoritative;
format = "envFile";
};
};
};
dns.records = {
securedns.consulService = "securedns";
"acme-dns-challenge.internal".consulService = "acme-dns";
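Review bot: `users.acmedns.locksmith.nodes` delivers the database password to every host in `config.services.dns.nodes.authoritative`, and nothing in the hunk shows what the `acmedns` role is allowed to do or that its access is confined to the `acmedns` database, since `databases.acmedns = {}` relies entirely on module defaults. If those defaults are not already scoped to that one database, the ownership or grants should be stated here so that a compromise of one DNS node exposes only acme-dns data. A short comment such as `# credential delivered by locksmith to the authoritative DNS nodes; consumed by acme-dns as an EnvironmentFile` would also make the cross-file link visible. The enclosing attribute set starts and ends outside the hunk.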