lew/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: trust over passwords

Browse source
This commit is contained in:
Lewis Wynne 2026-04-08 00:24:50 +01:00
parent 131f3b593d
commit 7699b076d8
1 changed files with 5 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/lab/shlink.nix
View file

@ -1,9 +1,5 @@
{ config, ... }:
{ config, pkgs, ... }:
{
sops.secrets.shlink-db-password = {
sopsFile = ../../secrets/shlink.yaml;
};
sops.secrets.shlink-api-key = {
sopsFile = ../../secrets/shlink.yaml;
};
@ -11,7 +7,6 @@
sops.templates.shlink-env = {
content = ''
INITIAL_API_KEY=${config.sops.placeholder.shlink-api-key}
DB_PASSWORD=${config.sops.placeholder.shlink-db-password}
'';
owner = "podman";
};
@ -22,14 +17,11 @@
ensureUsers = [{
name = "shlink";
ensureDBOwnership = true;
ensureClauses = {
login = true;
password = "SCRAM-SHA-256$4096:nhQwTFK7rhy8FOrhlgDnvg==$3eB9AlBwUxK1UOiwXAlP5wzxnmKUsBpB1UTsF0cRDIo=:GmxUtrGP6haTPnhPSOL42qsuPwEHV7tME1WfBNucGrU=";
};
}];
authentication = ''
host shlink shlink 127.0.0.1/32 scram-sha-256
host shlink shlink ::1/128 scram-sha-256
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host sameuser all 127.0.0.1/32 trust
host sameuser all ::1/128 trust
'';
};