X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=virtual%2Fmodules%2Fdatabases%2Fdefault.nix;h=304ad8923484ad0c9c874ed52616485f10d00062;hb=6f4574e7b57043340a2a520c4bbeb17dde72e0ea;hp=cb3d5bfecd4f6a49faf76c879d1c8b9fc77e5c2c;hpb=56eba41617f405624330aa755fcbfc0af68cf64f;p=perso%2FImmae%2FConfig%2FNix.git diff --git a/virtual/modules/databases/default.nix b/virtual/modules/databases/default.nix index cb3d5bf..304ad89 100644 --- a/virtual/modules/databases/default.nix +++ b/virtual/modules/databases/default.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, mylibs, ... }: +{ lib, pkgs, config, myconfig, mylibs, ... }: let cfg = config.services.myDatabases; in { @@ -57,18 +57,11 @@ in { networking.firewall.allowedTCPPorts = [ 3306 5432 ]; - # FIXME: initial sync - # FIXME: backup - # FIXME: restart after pam - # FIXME: pam access doesn’t work (because of php module) - # FIXME: ssl services.mysql = rec { enable = cfg.mariadb.enable; package = pkgs.mariadb; }; - # Cannot use eldiron: psql complains too much rights on the key, and - # setfacl cannot work properly because of acme prestart script security.acme.certs."postgresql" = config.services.myCertificates.certConfig // { user = "postgres"; group = "postgres"; @@ -80,10 +73,9 @@ in { }; system.activationScripts.postgresql = '' - install -m 0755 -o postgres -g postgres -d /run/postgresql + install -m 0755 -o postgres -g postgres -d ${myconfig.env.databases.postgresql.socket} ''; - # FIXME: initial sync services.postgresql = rec { enable = cfg.postgresql.enable; package = pkgs.postgresql; 
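Review bot: The `# FIXME: ssl` and `# FIXME: backup` reminders above `services.mysql` are dropped while nothing in this hunk configures TLS or backups, and the unchanged `networking.firewall.allowedTCPPorts = [ 3306 5432 ];` still exposes both databases to the network. If those items were resolved elsewhere in the commit that is fine; if not, keeping a single line such as `# TODO: TLS for the exposed 3306/5432 listeners is still unconfigured` preserves the open item. The enclosing attribute set starts before this hunk.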
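Review bot: `install -m 0755 -o postgres -g postgres -d ${myconfig.env.databases.postgresql.socket}` uses a value named `socket` as the socket *directory*, whereas the redis activation script in the same commit applies `$(dirname …)` to its `socket` value; if `postgresql.socket` holds the socket file path rather than its directory, this creates a directory where PostgreSQL expects to put the socket. Either name the option `socketDir` or use `-d "$(dirname ${myconfig.env.databases.postgresql.socket})"` so the two scripts agree; the value is interpolated into shell unquoted either way, so quoting it is worthwhile regardless of which it is. I cannot see `myconfig`, so please confirm which meaning is intended. The surrounding `services.postgresql` definition continues past the end of the hunk.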
@@ -120,20 +112,18 @@ in { security.pam.services = let pam_ldap = pkgs.pam_ldap; - pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD"; - pkgs.writeText "mysql.conf" '' + pam_ldap_mysql = pkgs.writeText "mysql.conf" '' host ldap.immae.eu base dc=immae,dc=eu binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu - bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"} + bindpw ${myconfig.env.databases.mysql.pam_password} pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu ''; - pam_ldap_postgresql_replication = assert mylibs.checkEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"; - pkgs.writeText "postgresql.conf" '' + pam_ldap_postgresql_replication = pkgs.writeText "postgresql.conf" '' host ldap.immae.eu base dc=immae,dc=eu binddn cn=eldiron,ou=hosts,dc=immae,dc=eu - bindpw ${builtins.getEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"} + bindpw ${myconfig.env.ldap.password} pam_login_attribute cn ''; in [ @@ -161,22 +151,18 @@ in { } ]; - # FIXME: backup - # Nextcloud: 14 - # Mastodon: 13 - # Mediagoblin: 12 services.redis = rec { enable = config.services.myDatabases.redis.enable; bind = "127.0.0.1"; - unixSocket = "/run/redis/redis.sock"; + unixSocket = myconfig.env.databases.redis.socket; extraConfig = '' unixsocketperm 777 maxclients 1024 ''; }; system.activationScripts.redis = '' - mkdir -p /run/redis - chown redis /run/redis + mkdir -p $(dirname ${myconfig.env.databases.redis.socket}) + chown redis $(dirname ${myconfig.env.databases.redis.socket}) ''; }; }
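Review bot: Both `pkgs.writeText` calls embed an LDAP bind password (`bindpw ${myconfig.env.databases.mysql.pam_password}` and `bindpw ${myconfig.env.ldap.password}`) in a file built by Nix, and a `writeText` output lands in the Nix store, which is world-readable on a standard NixOS system and is copied to any binary cache the store is pushed to, so every local account can read these credentials. The previous `builtins.getEnv` form had the same property; this change only moves where the secret comes from, it does not keep it out of the store. I would render the pam_ldap configuration at deploy or activation time into a root-owned mode-0600 file (the mechanism that already supplies `myconfig` presumably has a way to do this) and point the PAM service at that path, or at minimum add `# WARNING: bindpw below is stored in the world-readable /nix/store` next to each `writeText` so the exposure is explicit. The `security.pam.services` attribute this belongs to starts inside the hunk but its list continues beyond it.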
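Review bot: The two added lines `mkdir -p $(dirname ${myconfig.env.databases.redis.socket})` and `chown redis $(dirname ${myconfig.env.databases.redis.socket})` leave the command substitution unquoted, so a configured path containing whitespace is word-split; write `mkdir -p "$(dirname ${myconfig.env.databases.redis.socket})"` and `chown redis "$(dirname ${myconfig.env.databases.redis.socket})"`. The directory is also created with root's default umask and then chowned, unlike the PostgreSQL activation script in this commit which uses `install -m 0755 -o postgres -g postgres -d`; using the same `install -d -o redis` form keeps the two scripts consistent and the mode explicit. Separately, `unixsocketperm 777` in the surrounding `extraConfig` makes the socket connectable by every local user and no `requirepass` is visible in this hunk; if that is intentional (all consumers are local trusted services), a one-line comment saying so would stop the next reader from flagging it.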