lew/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: trust over passwords

Browse source
This commit is contained in:
Lewis Wynne 2026-04-08 00:24:50 +01:00
parent 131f3b593d
commit 7699b076d8
1 changed files with 5 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

18
hosts/lab/shlink.nix
View file

@ -1,9 +1,5 @@
{ config, ... }: { config, pkgs, ... }:
{ {
sops.secrets.shlink-db-password = {
sopsFile = ../../secrets/shlink.yaml;
};
sops.secrets.shlink-api-key = { sops.secrets.shlink-api-key = {
sopsFile = ../../secrets/shlink.yaml; sopsFile = ../../secrets/shlink.yaml;
}; };
@ -11,7 +7,6 @@
sops.templates.shlink-env = { sops.templates.shlink-env = {
content = '' content = ''
INITIAL_API_KEY=${config.sops.placeholder.shlink-api-key} INITIAL_API_KEY=${config.sops.placeholder.shlink-api-key}
DB_PASSWORD=${config.sops.placeholder.shlink-db-password}
''; '';
owner = "podman"; owner = "podman";
}; };
@ -22,14 +17,11 @@
ensureUsers = [{ ensureUsers = [{
name = "shlink"; name = "shlink";
ensureDBOwnership = true; ensureDBOwnership = true;
ensureClauses = {
login = true;
password = "SCRAM-SHA-256$4096:nhQwTFK7rhy8FOrhlgDnvg==$3eB9AlBwUxK1UOiwXAlP5wzxnmKUsBpB1UTsF0cRDIo=:GmxUtrGP6haTPnhPSOL42qsuPwEHV7tME1WfBNucGrU=";
};
}]; }];
authentication = '' authentication = pkgs.lib.mkOverride 10 ''
host shlink shlink 127.0.0.1/32 scram-sha-256 local all all trust
host shlink shlink ::1/128 scram-sha-256 host sameuser all 127.0.0.1/32 trust
host sameuser all ::1/128 trust
''; '';
}; };