+ secrets.keys = [
+ {
+ dest = "mysql/mysqldump";
+ permissions = "0400";
+ user = "root";
+ group = "root";
+ text = ''
+ [mysqldump]
+ user = root
+ password = ${myconfig.env.databases.mysql.systemUsers.root}
+ '';
+ }
+ {
+ dest = "mysql/pam";
+ permissions = "0400";
+ user = "mysql";
+ group = "mysql";
+ text = with myconfig.env.databases.mysql.pam; ''
+ host ${myconfig.env.ldap.host}
+ base ${myconfig.env.ldap.base}
+ binddn ${dn}
+ bindpw ${password}
+ pam_filter ${filter}
+ ssl start_tls
+ '';
+ }
+ ];
+
+ services.cron = {
+ enable = true;
+ systemCronJobs = [
+ ''
+ 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/var/secrets/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql
+ ''
+ ];
+ };
+