Use attrs for secrets instead of lists

[perso/Immae/Config/Nix.git] / modules / private / databases / mariadb_replication.nix

diff --git a/modules/private/databases/mariadb_replication.nix b/modules/private/databases/mariadb_replication.nix
index b89c764ec536d6e012a82b4aaeebcdd2c3e6ba85..68e6f7fdd809590e503d35d7e4793539b9d695a2 100644 (file)
--- a/modules/private/databases/mariadb_replication.nix
+++ b/modules/private/databases/mariadb_replication.nix
@@ -81,9 +81,8 @@ in
     };
     users.groups.mysql.gid = config.ids.gids.mysql;
 
-    secrets.keys = lib.flatten (lib.mapAttrsToList (name: hcfg: [
-      {
-        dest = "mysql_replication/${name}/slave_init_commands";
+    secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (name: hcfg: [
+      (lib.nameValuePair "mysql_replication/${name}/slave_init_commands" {
         user = "mysql";
         group = "mysql";
         permissions = "0400";
@@ -91,9 +90,8 @@ in
           CHANGE MASTER TO master_host="${hcfg.host}", master_port=${hcfg.port}, master_user="${hcfg.user}", master_password="${hcfg.password}", master_ssl=1, master_use_gtid=slave_pos;
           START SLAVE;
           '';
-      }
-      {
-        dest = "mysql_replication/${name}/mysqldump_remote";
+      })
+      (lib.nameValuePair "mysql_replication/${name}/mysqldump_remote" {
         permissions = "0400";
         user = "root";
         group = "root";
@@ -102,9 +100,8 @@ in
           user = ${hcfg.user}
           password = ${hcfg.password}
         '';
-      }
-      {
-        dest = "mysql_replication/${name}/mysqldump";
+      })
+      (lib.nameValuePair "mysql_replication/${name}/mysqldump" {
         permissions = "0400";
         user = "root";
         group = "root";
@@ -113,9 +110,8 @@ in
           user = ${hcfg.dumpUser}
           password = ${hcfg.dumpPassword}
         '';
-      }
-      {
-        dest = "mysql_replication/${name}/client";
+      })
+      (lib.nameValuePair "mysql_replication/${name}/client" {
         permissions = "0400";
         user = "mysql";
         group = "mysql";
@@ -124,8 +120,8 @@ in
           user = ${hcfg.dumpUser}
           password = ${hcfg.dumpPassword}
         '';
-      }
-    ]) cfg.hosts);
+      })
+    ]) cfg.hosts));
 
     services.cron = {
       enable = true;
@@ -140,7 +136,7 @@ in
 
               filename=${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).sql
               ${hcfg.package}/bin/mysqldump \
-                --defaults-file=${config.secrets.location}/mysql_replication/${name}/mysqldump \
+                --defaults-file=${config.secrets.fullPaths."mysql_replication/${name}/mysqldump"} \
                 -S /run/mysqld_${name}/mysqld.sock \
                 --gtid \
                 --master-data \
@@ -194,7 +190,7 @@ in
           if ! test -e ${dataDir}/mysql; then
             if ! test -e ${dataDir}/initial.sql; then
               ${hcfg.package}/bin/mysqldump \
-                --defaults-file=${config.secrets.location}/mysql_replication/${name}/mysqldump_remote \
+                --defaults-file=${config.secrets.fullPaths."mysql_replication/${name}/mysqldump_remote"} \
                 -h ${hcfg.host} \
                 -P ${hcfg.port} \
                 --ssl \
@@ -235,7 +231,7 @@ in
                   cat \
                     ${sql_before} \
                     ${dataDir}/initial.sql \
-                    ${config.secrets.location}/mysql_replication/${name}/slave_init_commands \
+                    ${config.secrets.fullPaths."mysql_replication/${name}/slave_init_commands"} \
                     | ${hcfg.package}/bin/mysql \
                     --defaults-file=/etc/mysql/${name}_my.cnf \
                     -S /run/mysqld_${name}/mysqld.sock \