diff options
| author | Griffin Smith <grfn@gws.fyi> | 2020-07-28T01·30-0400 |
|---|---|---|
| committer | glittershark <grfn@gws.fyi> | 2020-07-28T01·35+0000 |
| commit | d9262bd6c68ddf39cc22c147ecf40867f4ec3fb9 (patch) | |
| tree | dc1e32ce587fd511a3c111a18898f493299e450c /ops/nixos/whitby | |
| parent | b2c34c4ba3ec7e8bf3110c05b31dc909c395e916 (diff) | |
feat(ops/nixos): Use database password for Panettone r/1502
It appears this didn't even *work* without a password, so we've been forced into being more secure. Change-Id: I4ff9d04961a703a85299dafb79e8447b0a933fc1 Reviewed-on: https://cl.tvl.fyi/c/depot/+/1491 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'ops/nixos/whitby')
| -rw-r--r-- | ops/nixos/whitby/default.nix | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix index ad631e7959b3..f28e8789f821 100644 --- a/ops/nixos/whitby/default.nix +++ b/ops/nixos/whitby/default.nix @@ -221,6 +221,7 @@ in lib.fix(self: { enable = true; dbUser = "panettone"; dbName = "panettone"; + secretsFile = "/etc/secrets/panettone"; }; }; @@ -228,10 +229,12 @@ in lib.fix(self: { enable = true; enableTCPIP = true; - authentication = lib.mkOverride 10 '' + authentication = lib.mkForce '' local all all trust - host all all ::1/128 trust - hostnossl all all ::1/128 trust + host all all 127.0.0.1/32 password + host all all ::1/128 password + hostnossl all all 127.0.0.1/32 password + hostnossl all all ::1/128 password ''; ensureDatabases = [ |