X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fmariadb.nix;h=04e4bd626d02ee659eb5307e97a9671aa24c1ed8;hb=5400b9b6f65451d41a9106fae6fc00f97d83f4ef;hp=632306cf23193c3caf96aec68a5cdaae637afc7c;hpb=9f6a78629aad1d22dc8b928860fd05eb40f07352;p=perso%2FImmae%2FConfig%2FNix.git

diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index 632306c..04e4bd6 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -96,12 +96,16 @@ in {
       dataDir = cfg.dataDir;
       extraOptions = ''
         ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
-        ssl_key = ${config.security.acme.directory}/mysql/key.pem
-        ssl_cert = ${config.security.acme.directory}/mysql/fullchain.pem
+        ssl_key = ${config.security.acme.certs.mysql.directory}/key.pem
+        ssl_cert = ${config.security.acme.certs.mysql.directory}/fullchain.pem
 
         # for replication
         log-bin=mariadb-bin
         server-id=1
+
+        # this introduces a small delay before storing on disk, but
+        # makes it order of magnitudes quicker
+        innodb_flush_log_at_trx_commit = 0
         '';
     };
 
@@ -109,7 +113,7 @@ in {
     security.acme.certs."mysql" = config.myServices.databasesCerts // {
       user = "mysql";
       group = "mysql";
-      plugins = [ "fullchain.pem" "key.pem" "account_key.json" ];
+      plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
       domain = "db-1.immae.eu";
       postRun = ''
         systemctl restart mysql.service