diff options
Diffstat (limited to 'hosts/surtr/postgresql/default.nix')
-rw-r--r-- | hosts/surtr/postgresql/default.nix | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/hosts/surtr/postgresql/default.nix b/hosts/surtr/postgresql/default.nix index f0edfbac..54693b50 100644 --- a/hosts/surtr/postgresql/default.nix +++ b/hosts/surtr/postgresql/default.nix | |||
@@ -20,9 +20,9 @@ in { | |||
20 | repo1-retention-archive = 2; | 20 | repo1-retention-archive = 2; |
21 | 21 | ||
22 | repo2-host-type = "tls"; | 22 | repo2-host-type = "tls"; |
23 | repo2-host = "pgbackrest.vidhar.yggdrasil"; | 23 | repo2-host = "vidhar.yggdrasil.li"; |
24 | repo2-host-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt; | 24 | repo2-host-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt; |
25 | repo2-host-cert-file = toString ./pgbackrest.crt; | 25 | repo2-host-cert-file = toString ../../vidhar/pgbackrest/ca/surtr.crt; |
26 | repo2-host-key-file = config.sops.secrets."pgbackrest.key".path; | 26 | repo2-host-key-file = config.sops.secrets."pgbackrest.key".path; |
27 | repo2-retention-full-type = "time"; | 27 | repo2-retention-full-type = "time"; |
28 | repo2-retention-full = 14; | 28 | repo2-retention-full = 14; |
@@ -40,7 +40,7 @@ in { | |||
40 | "global:server" = { | 40 | "global:server" = { |
41 | tls-server-address = "2a03:4000:52:ada:1::"; | 41 | tls-server-address = "2a03:4000:52:ada:1::"; |
42 | tls-server-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt; | 42 | tls-server-ca-file = toString ../../vidhar/pgbackrest/ca/ca.crt; |
43 | tls-server-cert-file = toString ./pgbackrest.crt; | 43 | tls-server-cert-file = toString ../../vidhar/pgbackrest/ca/surtr.crt; |
44 | tls-server-key-file = config.sops.secrets."pgbackrest.key".path; | 44 | tls-server-key-file = config.sops.secrets."pgbackrest.key".path; |
45 | tls-server-auth = ["vidhar.yggdrasil=surtr"]; | 45 | tls-server-auth = ["vidhar.yggdrasil=surtr"]; |
46 | }; | 46 | }; |
@@ -64,7 +64,7 @@ in { | |||
64 | 64 | ||
65 | sops.secrets."pgbackrest.key" = { | 65 | sops.secrets."pgbackrest.key" = { |
66 | format = "binary"; | 66 | format = "binary"; |
67 | sopsFile = ./pgbackrest.key; | 67 | sopsFile = ../../vidhar/pgbackrest/ca/surtr.key; |
68 | owner = "postgres"; | 68 | owner = "postgres"; |
69 | group = "postgres"; | 69 | group = "postgres"; |
70 | mode = "0400"; | 70 | mode = "0400"; |