Allow unsafe code in dilion (wip for safe secrets)

[perso/Immae/Config/Nix.git] / modules / private / databases / mariadb_replication.nix

diff --git a/modules/private/databases/mariadb_replication.nix b/modules/private/databases/mariadb_replication.nix
index 52a34d3e20d9fc91671f7e7b766f93bce205f385..ae54265a7191fb320022ebe33f1a50f082d957a5 100644 (file)
--- a/modules/private/databases/mariadb_replication.nix
+++ b/modules/private/databases/mariadb_replication.nix
@@ -138,16 +138,18 @@ in
 
               set -euo pipefail
 
+              filename=${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).sql
               ${hcfg.package}/bin/mysqldump \
                 --defaults-file=${config.secrets.location}/mysql_replication/${name}/mysqldump \
                 -S /run/mysqld_${name}/mysqld.sock \
                 --gtid \
                 --master-data \
                 --flush-privileges \
-                --all-databases > ${backupDir}/$(${pkgs.coreutils}/bin/date -Iseconds).sql
+                --all-databases > $filename
+              ${pkgs.gzip}/bin/gzip $filename
             '';
           u = pkgs.callPackage ./utils.nix {};
-          cleanup_script = pkgs.writeScript "cleanup_mysql_${name}" (u.exponentialDumps "sql" backupDir);
+          cleanup_script = pkgs.writeScript "cleanup_mysql_${name}" (u.exponentialDumps "sql.gz" backupDir);
         in [
           "0 22,4,10,16 * * * root ${backup_script}"
           "0 3 * * * root ${cleanup_script}"
@@ -167,6 +169,7 @@ in
       lib.attrsets.nameValuePair "mysql/${name}_my.cnf" {
         text = ''
           [mysqld]
+          skip-networking
           socket = /run/mysqld_${name}/mysqld.sock
           datadir = ${cfg.base}/${name}/mysql/
           log-bin = mariadb-bin