tlaternet/tlaternet-server
1
0
Fork 0
Code Issues 9 Pull requests Releases Activity

postgres: Set auth method to "reject"

Browse source 
This will reject connections from anywhere except 127.0.0.1, i.e., the
pod's network namespace.

This makes password authentication properly obsolete, instead of just
hiding the password (but still never authenticating with it), but
required a change upstream:
https://github.com/docker-library/postgres/pull/859
This commit is contained in:
Tristan Daniël Maat 2021-06-10 23:39:42 +01:00
parent e3f0095b47
commit d63edbecc7
Signed by: tlater
GPG key ID: 49670FD774E43268
2 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
configuration/services/gitea.nix
View file

@ -42,6 +42,7 @@
environment = { environment = {
POSTGRES_DB = "gitea"; POSTGRES_DB = "gitea";
POSTGRES_USER = "gitea"; POSTGRES_USER = "gitea";
POSTGRES_HOST_AUTH_METHOD = "reject";
}; };
volumes = [ "gitea-db-data:/var/lib/postgresql/data" ]; volumes = [ "gitea-db-data:/var/lib/postgresql/data" ];
}; };

1
configuration/services/nextcloud.nix
View file

@ -43,6 +43,7 @@
environment = { environment = {
POSTGRES_DB = "nextcloud"; POSTGRES_DB = "nextcloud";
POSTGRES_USER = "nextcloud"; POSTGRES_USER = "nextcloud";
POSTGRES_HOST_AUTH_METHOD = "reject";
}; };
volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ]; volumes = [ "nextcloud-db-data:/var/lib/postgresql/data" ];
}; };