X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fprivate%2Fdatabases%2Fmariadb.nix;h=a7239c0e1c1150c12742847a3101e8bf0bdee63b;hb=4aac110f17f0528d90510eec00c9a8df60bcf04f;hp=cc99c3c6172da88d2c22766bee8aa3bf05b979d0;hpb=ffb14c1c25280777f5db3d2129c48dd319381f65;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index cc99c3c..a7239c0 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -1,4 +1,4 @@
-{ lib, pkgs, config, myconfig, ... }:
+{ lib, pkgs, config, ... }:
 let
 cfg = config.myServices.databases.mariadb;
 in {
@@ -10,6 +10,30 @@ in {
 description = "Whether to enable mariadb database";
 type = lib.types.bool;
 };
+ package = lib.mkOption {
+ type = lib.types.package;
+ default = pkgs.mariadb;
+ description = ''
+ Mariadb package to use.
+ '';
+ };
+ credentials = lib.mkOption {
+ default = {};
+ description = "Credentials";
+ type = lib.types.attrsOf lib.types.str;
+ };
+ ldapConfig = lib.mkOption {
+ description = "LDAP configuration to allow PAM identification via LDAP";
+ type = lib.types.submodule {
+ options = {
+ host = lib.mkOption { type = lib.types.str; };
+ base = lib.mkOption { type = lib.types.str; };
+ dn = lib.mkOption { type = lib.types.str; };
+ password = lib.mkOption { type = lib.types.str; };
+ filter = lib.mkOption { type = lib.types.str; };
+ };
+ };
+ };
 dataDir = lib.mkOption {
 type = lib.types.path;
 default = "/var/lib/mysql";
@@ -50,7 +74,7 @@ in {
 # CREATE USER foo@localhost IDENTIFIED VIA pam USING 'mysql';
 services.mysql = {
 enable = true;
- package = pkgs.mariadb;
+ package = cfg.package;
 dataDir = cfg.dataDir;
 extraOptions = ''
 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
@@ -79,7 +103,7 @@ in {
 text = ''
 [mysqldump]
 user = root
- password = ${myconfig.env.databases.mysql.systemUsers.root}
+ password = ${cfg.credentials.root}
 '';
 }
 {
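Review bot: In the `-10,6 +10,30` hunk, `credentials` defaults to `{}` while the mysqldump secret in this same commit reads `cfg.credentials.root`, so enabling the module without that key fails at evaluation with a bare missing-attribute error. A submodule with an explicit `root` option, or an assertion such as `{ assertion = cfg.credentials ? root; message = "myServices.databases.mariadb.credentials.root must be set"; }`, would make the requirement visible. The `ldapConfig` sub-options carry no `description`, and `password` is a plain `lib.types.str`; I would document that these values are meant to be consumed only through the secrets entries, since a string interpolated into any derivation becomes readable in the Nix store. The enclosing `options` set starts and ends outside the hunk.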
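Review bot: In the `-79,7 +103,7` hunk the root password is interpolated unquoted into the `[mysqldump]` option file (`password = ${cfg.credentials.root}`). MySQL option files treat `#` as a comment start even mid-line and trim surrounding whitespace, so a password containing either would be silently truncated and the scheduled dump would then fail to authenticate. Writing `password = "${cfg.credentials.root}"` covers those cases; a short comment should say that backslashes and double quotes in the value still need escaping. The attribute set holding this `text` starts outside the hunk, so its destination and permissions are not visible here.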
@@ -87,14 +111,14 @@ in {
 permissions = "0400";
 user = "mysql";
 group = "mysql";
- text = with myconfig.env.databases.mysql.pam; ''
- host ${myconfig.env.ldap.host}
- base ${myconfig.env.ldap.base}
+ text = with cfg.ldapConfig; ''
+ host ${host}
+ base ${base}
 binddn ${dn}
 bindpw ${password}
 pam_filter ${filter}
 ssl start_tls
- '';
+ '';
 }
 ];
@@ -102,7 +126,7 @@ in {
 enable = true;
 systemCronJobs = [
 ''
- 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql
+ 30 1,13 * * * root ${cfg.package}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql
 ''
 ];
 };
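Review bot: The generated pam_ldap file in the `-87,14 +111,14` hunk ends at `ssl start_tls` and sets neither `tls_checkpeer` nor a CA file, so whether the server certificate is verified before `bindpw` is sent depends on the LDAP library's defaults. I would pin it explicitly with `tls_checkpeer yes` and `tls_cacertfile ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt`, the same bundle the module already uses for `ssl_ca`. The `with cfg.ldapConfig;` form also hides where `dn`, `password` and `filter` come from; spelling out `cfg.ldapConfig.password` would make the secret's origin obvious to a reader. The attribute set for this entry opens before the hunk, so its destination path is not visible here.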
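Review bot: The cron line in the `-102,7 +126,7` hunk still writes the dump through a shell redirect to `${cfg.dataDir}/backup.sql`, so the file is created with whatever umask root's cron shell has and is truncated in place on every run. A failed mysqldump therefore leaves an empty or partial file where the previous good backup was, and the readability of a dump of all databases depends on directory permissions that this hunk does not show. Consider `umask 077; … > ${cfg.dataDir}/backup.sql.tmp && mv ${cfg.dataDir}/backup.sql.tmp ${cfg.dataDir}/backup.sql`, with a comment stating who is expected to read the file. The `services.cron` block opens outside the hunk.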