From d9317cd69a189da7d184eadee1afef27a9f921c0 Mon Sep 17 00:00:00 2001 From: Max Date: Sat, 10 Aug 2024 13:06:59 +0200 Subject: [PATCH] cluster/services/dns: use patroni incandescence --- cluster/services/dns/acme-dns-db-credentials.age | 16 ---------------- cluster/services/dns/authoritative.nix | 9 +++++---- cluster/services/dns/default.nix | 10 ++++++++++ 3 files changed, 15 insertions(+), 20 deletions(-) delete mode 100644 cluster/services/dns/acme-dns-db-credentials.age diff --git a/cluster/services/dns/acme-dns-db-credentials.age b/cluster/services/dns/acme-dns-db-credentials.age deleted file mode 100644 index f0b6cb7..0000000 --- a/cluster/services/dns/acme-dns-db-credentials.age +++ /dev/null @@ -1,16 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 NO562A YndVtONpmfFXYB1ASnPHsfczl1UbgZ2vccIrX2pEgx0 -VzH2UD583L6wBLMCo6faIGyHR4+zXXOUTgQduEiFOxI --> ssh-ed25519 5/zT0w +67r5S6PSFEgnrTu3eZpOd3eemZUdDOE+kjUw6GDgUM -jPzlW7hePFgsABUjryePu5yergQ2Qjczmmoxuo6CK+U --> ssh-ed25519 TCgorQ DGJPjJYpeibxM+8OwofUCdttIT2OdNbvQ66wpWQM8XU -JCNQ3bT21j2ZsxbzA6FieKIui6lsvk1p0nvNOT7YtFo --> ssh-ed25519 d3WGuA hIl5yluwf1f0DP5ZW1MalGPCj4XFYOu2sofwJSQZ6RE -BSHoe4cdRJlPrkc+taUIaIIUknexlGttzz2d9I3jtmk --> ssh-ed25519 YIaSKQ EbqXS/XFQHSXCbzDJmg4gGUxP9TX3+vOxWtNQDJ8ih4 -hNaWzoFG2iVef4Gm30LilGXYNsVkhmVt9dOvBo02mbM --> V]i@xRtJ-grease -NEPxMUZa76GclWOasWptt6QS7frMclp9o+kD4KCLJB7ucFOYK7xxWfAEMkjtadfP -m0bbgbw7Jcs9/lA8VNAG2D5jTBayGgpkBQZ4 ---- ViqZD8mJEKIMCZ5Q+wRQWR2FX/LMEfUwoumUtHlYabQ -KAÉû¹ÝgZü<šë*DfV6·=äG»+eœ`ºpª±ï÷­6°º[Û‘Û û¸¢ºÐý-H1»Ã›Íí[fV.¾¢HÁ"OhÐñŒ½j•ùö8ïßß$‰;Û‘&5äxw§/mŒëÖ‘ß^7î‘f5ÔµyÏŽÓûC‚´6”¹U•æýi-R=/_R„·==æà½1˜'Ò qÞ·ŒvÜcwø \ No newline at end of file diff --git a/cluster/services/dns/authoritative.nix b/cluster/services/dns/authoritative.nix index 5082224..27606df 100644 --- a/cluster/services/dns/authoritative.nix +++ b/cluster/services/dns/authoritative.nix 
@@ -43,9 +43,6 @@ in {
 links.localAuthoritativeDNS = {};
 age.secrets = {
- acmeDnsDbCredentials = {
- file = ./acme-dns-db-credentials.age;
- };
 acmeDnsDirectKey = {
 file = ./acme-dns-direct-key.age;
 };
@@ -78,8 +75,12 @@ in {
 };
 };
+ services.locksmith.waitForSecrets.acme-dns = [
+ "patroni-acmedns"
+ ];
+
 systemd.services.acme-dns.serviceConfig.EnvironmentFile = with config.age.secrets; [
- acmeDnsDbCredentials.path
+ "/run/locksmith/patroni-acmedns"
 acmeDnsDirectKey.path
 ];
diff --git a/cluster/services/dns/default.nix b/cluster/services/dns/default.nix
index 6c2ed43..fa75ceb 100644
--- a/cluster/services/dns/default.nix
+++ b/cluster/services/dns/default.nix
@@ -58,6 +58,16 @@ in
 };
 };
+ patroni = {
+ databases.acmedns = {};
+ users.acmedns = {
+ locksmith = {
+ nodes = config.services.dns.nodes.authoritative;
+ format = "envFile";
+ };
+ };
+ };
+
 dns.records = {
 securedns.consulService = "securedns";
 "acme-dns-challenge.internal".consulService = "acme-dns";
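Review bot: In the second hunk of authoritative.nix the secret is named twice as a bare string, once as `"patroni-acmedns"` under `waitForSecrets` and once as `"/run/locksmith/patroni-acmedns"` in `EnvironmentFile`, so a rename on the Patroni side would leave acme-dns waiting for, or loading, a file that is never written. Binding the name once in the `let` that precedes `in {`, e.g. `dbSecret = "patroni-acmedns";`, and writing `"/run/locksmith/${dbSecret}"` keeps the two in step. The diff does not show which owner and mode locksmith gives files under /run/locksmith; systemd presumably loads `EnvironmentFile` before the service user is applied, so the file should be able to stay root-only, and a comment recording that would help. The removed age file remains in git history for anyone holding a recipient key, so the old database password is worth retiring once the new credential is live. The enclosing attribute set starts and ends outside the hunk.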
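Review bot: The new `patroni.users.acmedns.locksmith` block in default.nix carries no comment tying it to its consumer. The file it produces is what authoritative.nix loads as `/run/locksmith/patroni-acmedns`, and the variable names that `format = "envFile"` emits have to match what acme-dns previously read from the removed age secret; neither is visible in this hunk. A line above `users.acmedns` would cover it, e.g. `# credential is delivered to the authoritative DNS nodes as an env file and loaded by acme-dns through EnvironmentFile`. It is also worth confirming that `databases.acmedns = {};` leaves the `acmedns` user with rights on that database only, since the empty attribute set relies on defaults not shown here. The surrounding attribute set begins and ends outside the hunk.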