From dedf591df65bcd1222a9e053fd6fc7631f74ab7e Mon Sep 17 00:00:00 2001
From: =?utf8?q?Isma=C3=ABl=20Bouya?=
Date: Fri, 28 Dec 2018 16:56:48 +0100
Subject: [PATCH] Add mysql
---
 virtual/eldiron.nix | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/virtual/eldiron.nix b/virtual/eldiron.nix
index 04b11b8..cfbb464 100644
--- a/virtual/eldiron.nix
+++ b/virtual/eldiron.nix
@@ -8,7 +8,7 @@
 networking = {
 firewall = {
 enable = true;
- allowedTCPPorts = [ 22 80 443 5432 ];
+ allowedTCPPorts = [ 22 80 443 3306 5432 ];
 };
 };
@@ -62,7 +62,41 @@
 };
 };
+ # FIXME: environment variables ?
+ security.pam.services = let
+ pam_ldap = pkgs.pam_ldap;
+ pam_ldap_mysql = pkgs.writeText "mysql.conf" ''
+ host ldap.immae.eu
+ base dc=immae,dc=eu
+ binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+ bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"}
+ pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
+ '';
+ in [
+ {
+ name = "mysql";
+ text = ''
+ # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
+ auth required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_mysql}
+ account required ${pam_ldap}/lib/security/pam_ldap.so config=${pam_ldap_mysql}
+ '';
+ }
+ ];
+
+ # FIXME: initial sync
+ # FIXME: backup
+ # FIXME: restart after pam
+ # FIXME: pam access doesn’t work (because of php module)
+ services.mysql = rec {
+ enable = true;
+ package = pkgs.mariadb.overrideAttrs(old: rec {
+ cmakeFlags = old.cmakeFlags ++ [ "-DWITH_AUTHENTICATION_PAM=ON" ];
+ buildInputs = old.buildInputs ++ [ pkgs.pam ];
+ });
+ };
+ # FIXME: initial sync
+ # FIXME: backup
 services.postgresql = rec {
 enable = true;
 package = pkgs.postgresql100.overrideAttrs(old: rec {
--
2.41.0
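Review bot: Adding `3306` to `allowedTCPPorts` opens MariaDB on every interface to any source address, and nothing visible in this patch restricts who may connect or enables TLS on the server. With the MariaDB PAM plugin the client normally sends the password to the server in clear text, so LDAP credentials would cross the network unprotected unless TLS is required for remote accounts. If only known hosts need access, prefer leaving the port out of this list and adding a source-restricted rule (for example via `networking.firewall.extraCommands`). At the least, document the intent next to the list with something like `# 3306: MariaDB, remote clients must use TLS`.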
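Review bot: The `bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"}` line is interpolated into `pkgs.writeText "mysql.conf"`, so the LDAP bind password lands in a world-readable file in the Nix store on the target, and in any store the closure is copied to. `builtins.getEnv` also returns an empty string when the variable is unset, so a deploy from a shell without it would silently produce an empty `bindpw`. Since the variable name suggests NixOps, consider shipping the file through `deployment.keys`, readable only by the mysql user, and pointing both PAM lines at it, e.g. `auth required ${pam_ldap}/lib/security/pam_ldap.so config=/run/keys/<KEY_NAME_PLACEHOLDER>`. The config also uses `host ldap.immae.eu` with no `ssl` or `uri ldaps://` setting visible, so the bind and user passwords may reach the LDAP server unencrypted; that is worth confirming.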