From a2fc820a3626b25390215bbdbc6ef4aa27efcdcc Mon Sep 17 00:00:00 2001
From: Max
Date: Sat, 10 Aug 2024 13:06:59 +0200
Subject: [PATCH] cluster/services/dns: use patroni incandescence
---
 cluster/services/dns/authoritative.nix | 9 +++++----
 cluster/services/dns/default.nix | 10 ++++++++++
 2 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/cluster/services/dns/authoritative.nix b/cluster/services/dns/authoritative.nix
index 5082224..27606df 100644
--- a/cluster/services/dns/authoritative.nix
+++ b/cluster/services/dns/authoritative.nix
@@ -43,9 +43,6 @@ in {
 links.localAuthoritativeDNS = {};
 age.secrets = {
- acmeDnsDbCredentials = {
- file = ./acme-dns-db-credentials.age;
- };
 acmeDnsDirectKey = {
 file = ./acme-dns-direct-key.age;
 };
@@ -78,8 +75,12 @@ in {
 };
 };
+ services.locksmith.waitForSecrets.acme-dns = [
+ "patroni-acmedns"
+ ];
+
 systemd.services.acme-dns.serviceConfig.EnvironmentFile = with config.age.secrets; [
- acmeDnsDbCredentials.path
+ "/run/locksmith/patroni-acmedns"
 acmeDnsDirectKey.path
 ];
diff --git a/cluster/services/dns/default.nix b/cluster/services/dns/default.nix
index 6c2ed43..fa75ceb 100644
--- a/cluster/services/dns/default.nix
+++ b/cluster/services/dns/default.nix
@@ -58,6 +58,16 @@ in
 };
 };
+ patroni = {
+ databases.acmedns = {};
+ users.acmedns = {
+ locksmith = {
+ nodes = config.services.dns.nodes.authoritative;
+ format = "envFile";
+ };
+ };
+ };
+
 dns.records = {
 securedns.consulService = "securedns";
 "acme-dns-challenge.internal".consulService = "acme-dns";
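Review bot: In the second authoritative.nix hunk the secret is named twice, once as `"patroni-acmedns"` under `waitForSecrets` and once inside the literal path `"/run/locksmith/patroni-acmedns"`, so a rename in one place leaves acme-dns waiting for one file and reading another. Binding the name once, for example `dbSecret = "patroni-acmedns";` in the enclosing `let`, and writing `"/run/locksmith/${dbSecret}"` keeps the two together; the `let` block is outside the hunk, so check what is already bound there. Separately, the diffstat lists only the two .nix files, so `acme-dns-db-credentials.age` presumably stays in the tree. If the password it holds is still accepted for the database role, it should be rotated or revoked once the locksmith-issued credential is in use.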
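Review bot: Nothing in the new `patroni.users.acmedns.locksmith` block in default.nix records that it is the source of the `patroni-acmedns` secret that authoritative.nix now passes to acme-dns through `EnvironmentFile`. A short comment above `locksmith = {`, such as `# consumed by acme-dns on the authoritative nodes as /run/locksmith/patroni-acmedns`, would make that coupling visible, assuming the secret name is indeed derived from this user name. The variable name written by `format = "envFile"` is not shown in this patch either, so it is worth confirming that it matches the one acme-dns previously read from the age-encrypted file. Scoping `nodes` to `config.services.dns.nodes.authoritative` appears to restrict distribution to the hosts that run the service, which is the right default.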