allow non-ssl connections over tailscale
This commit is contained in:
parent
9f7f8469a0
commit
89731130cd
1 changed files with 8 additions and 7 deletions
15
flake.nix
15
flake.nix
|
@ -3,7 +3,7 @@
|
|||
|
||||
inputs = {
|
||||
nixpkgs = {
|
||||
url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||
url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||
};
|
||||
flake-utils = {
|
||||
url = "github:numtide/flake-utils";
|
||||
|
@ -569,12 +569,13 @@
|
|||
|
||||
systemd.services.postgresql = let
|
||||
hbaFile = pkgs.writeTextDir "pg_hba.conf" ''
|
||||
local all all ident map=default
|
||||
hostnossl all all all reject
|
||||
hostssl all all all scram-sha-256
|
||||
local replication all ident map=default
|
||||
hostnossl replication all all reject
|
||||
hostssl replication all all scram-sha-256
|
||||
local all all ident map=default
|
||||
hostnossl all all 100.64.0.0/16 scram-sha-256
|
||||
hostnossl all all all reject
|
||||
hostssl all all all scram-sha-256
|
||||
local replication all ident map=default
|
||||
hostnossl replication all all reject
|
||||
hostssl replication all all scram-sha-256
|
||||
'';
|
||||
identFile = pkgs.writeTextDir "pg_ident.conf" (
|
||||
''
|
||||
|
|
Loading…
Reference in a new issue