X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fmariadb.nix;h=101eb3fb7c850157b9b31786199d4a4084543cb5;hb=27da4e101d0180251762f93aace5aec112b6c7af;hp=36edaeb4ad5e52a8ef040c3afc775e6f8c5b5f08;hpb=258dd18bac4bf5dd03cf1098ffa35cb954f9e015;p=perso%2FImmae%2FConfig%2FNix.git
diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index 36edaeb..101eb3f 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -121,9 +121,8 @@ in {
 '';
 };
- secrets.keys = [
- {
- dest = "mysql/mysqldump";
+ secrets.keys = {
+ "mysql/mysqldump" = {
 permissions = "0400";
 user = "root";
 group = "root";
@@ -132,9 +131,8 @@ in {
 user = root
 password = ${cfg.credentials.root}
 '';
- }
- {
- dest = "mysql/pam";
+ };
+ "mysql/pam" = {
 permissions = "0400";
 user = "mysql";
 group = "mysql";
@@ -146,9 +144,8 @@ in {
 pam_filter ${filter}
 ssl start_tls
 '';
- }
- {
- dest = "mysql/pam_replication";
+ };
+ "mysql/pam_replication" = {
 permissions = "0400";
 user = "mysql";
 group = "mysql";
@@ -160,8 +157,8 @@ in {
 pam_login_attribute cn
 ssl start_tls
 '';
- }
- ];
+ };
+ };
 security.pam.services = let
 pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
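Review bot: The `password = ${cfg.credentials.root}` line carried as context in the `"mysql/mysqldump"` entry (second hunk) writes the root credential into the client option file unquoted. MySQL/MariaDB option files treat `#` as the start of a comment even in the middle of a line and strip surrounding whitespace, so a credential containing those characters would be silently truncated. Consider `password = "${cfg.credentials.root}"` with a comment that a double quote or backslash in the value needs escaping. The entry's `text` starts outside the hunk, so the option-file section header is not visible here.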
@@ -169,14 +166,14 @@ in {
 mysql = {
 text = ''
 # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
- auth required ${pam_ldap} config=${config.secrets.location}/mysql/pam
- account required ${pam_ldap} config=${config.secrets.location}/mysql/pam
+ auth required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam"}
+ account required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam"}
 '';
 };
 mysql_replication = {
 text = ''
- auth required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
- account required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
+ auth required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam_replication"}
+ account required ${pam_ldap} config=${config.secrets.fullPaths."mysql/pam_replication"}
 '';
 };
 };
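Review bot: `config.secrets.fullPaths."mysql/pam"` and `config.secrets.fullPaths."mysql/pam_replication"` are each written out on both the `auth` and the `account` line, so a later edit to one line can leave the two phases of a service reading different LDAP settings. Binding each path once in the `let` that already defines `pam_ldap`, e.g. `pam_conf = config.secrets.fullPaths."mysql/pam";`, and writing `config=${pam_conf}` on both lines keeps them in step; that `let` begins outside this hunk. The referenced files are declared `0400` for user `mysql` earlier in the diff, so a comment such as `# read by pam_ldap inside the process that runs this stack; must stay readable by it` would record the assumption, which cannot be confirmed from the lines shown.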