'';
};
- secrets.keys = [
- {
- dest = "mysql/mysqldump";
+ secrets.keys = {
+ "mysql/mysqldump" = {
permissions = "0400";
user = "root";
group = "root";
user = root
password = ${cfg.credentials.root}
'';
- }
- {
- dest = "mysql/pam";
+ };
+ "mysql/pam" = {
permissions = "0400";
user = "mysql";
group = "mysql";
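Review bot: The `mysql/mysqldump` secret body interpolates `${cfg.credentials.root}` directly (the `password = ...` context line at the top of this hunk), so the root password is an ordinary Nix string at evaluation time. Whether that string ever reaches the world-readable Nix store depends on how the secrets module materialises `text`, which is not visible on this page. It is worth confirming, and then recording next to the entry with a comment such as `# written outside the Nix store by the secrets module; do not reference this text from a derivation`. The entry's definition starts in the previous hunk.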
pam_filter ${filter}
ssl start_tls
'';
- }
- {
- dest = "mysql/pam_replication";
+ };
+ "mysql/pam_replication" = {
permissions = "0400";
user = "mysql";
group = "mysql";
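Review bot: The pam_ldap config for `mysql/pam` shows `ssl start_tls` with no visible certificate-verification setting, and the same holds for `mysql/pam_replication` in the next hunk. Both text bodies begin outside their hunks, so the setting may already be present further up. If it is not, pam_ldap falls back to libldap's default, and the bind credentials could be sent to an LDAP server whose certificate was never checked. Pinning it explicitly with `tls_checkpeer yes` plus a `tls_cacertfile <path-to-CA-bundle>` line removes that dependency on the host's defaults.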
pam_login_attribute cn
ssl start_tls
'';
- }
- ];
+ };
+ };
security.pam.services = let
pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
mysql = {
text = ''
# https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
- auth required ${pam_ldap} config=${config.secrets.location}/mysql/pam
- account required ${pam_ldap} config=${config.secrets.location}/mysql/pam
+ auth required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam"}
+ account required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam"}
'';
};
mysql_replication = {
text = ''
- auth required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
- account required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
+ auth required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam_replication"}
+ account required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam_replication"}
'';
};
};
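Review bot: The key strings `"mysql/pam"` and `"mysql/pam_replication"` are each spelled out three times, once in `secrets.keys` and twice in the PAM text. Binding the paths next to `pam_ldap` in the existing `let`, e.g. `pamConf = config.secrets.fullPaths."mysql/pam";`, and writing `config=${pamConf}` on the `auth` and `account` lines keeps the two lines of a service pointing at the same file. The `in` part of this `let` lies outside the hunk.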