X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=nixops%2Fmodules%2Fdatabases%2Fmysql.nix;h=a9ca8d326d1db8df00d21419c2586cdb7569af59;hb=7178c2b1009694c8a750dcd376a36c3d4bf90cf4;hp=95de9721ab3e6aff69a588452b875ba83759e1cb;hpb=1b3154e40a568a296c74759d68827366b5f26da9;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/nixops/modules/databases/mysql.nix b/nixops/modules/databases/mysql.nix index 95de972..a9ca8d3 100644 --- a/nixops/modules/databases/mysql.nix +++ b/nixops/modules/databases/mysql.nix @@ -52,9 +52,9 @@ in { ''; }; - deployment.keys = { - mysqldump = { - destDir = "/run/keys/mysql"; + mySecrets.keys = [ + { + dest = "mysql/mysqldump"; permissions = "0400"; user = "root"; group = "root"; @@ -63,9 +63,9 @@ in { user = root password = ${myconfig.env.databases.mysql.systemUsers.root} ''; - }; - mysql-pam = { - destDir = "/run/keys/mysql"; + } + { + dest = "mysql/pam"; permissions = "0400"; user = "mysql"; group = "mysql"; @@ -77,14 +77,14 @@ in { pam_filter ${filter} ssl start_tls ''; - }; - }; + } + ]; services.cron = { enable = true; systemCronJobs = [ '' - 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/run/keys/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql + 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/var/secrets/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql '' ]; }; @@ -96,8 +96,8 @@ in { name = "mysql"; text = '' # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/ - auth required ${pam_ldap} config=/run/keys/mysql/mysql-pam - account required ${pam_ldap} config=/run/keys/mysql/mysql-pam + auth required ${pam_ldap} config=/var/secrets/mysql/pam + account required ${pam_ldap} config=/var/secrets/mysql/pam ''; } ];