+++ /dev/null
-{ lib, config, nodes, ... }:
-let
- cfg = config.myServices.databases;
-in
-{
- options.myServices = {
- databases.enable = lib.mkEnableOption "my databases service";
- databasesCerts = lib.mkOption {
- description = "Default databases configurations for certificates as accepted by acme";
- };
- };
-
- config.myServices.databases = lib.mkIf cfg.enable {
- mariadb = {
- enable = true;
- ldapConfig = {
- inherit (config.myEnv.ldap) host base;
- inherit (config.myEnv.databases.mysql.pam) dn filter password;
- };
- replicationLdapConfig = {
- inherit (config.myEnv.ldap) host base;
- inherit (config.myEnv.servers.eldiron.ldap) dn password;
- };
- credentials.root = config.myEnv.databases.mysql.systemUsers.root;
- };
-
- openldap = {
- accessFile = ../../../nixops/secrets/ldap.conf;
- baseDn = config.myEnv.ldap.base;
- rootDn = config.myEnv.ldap.root_dn;
- rootPw = config.myEnv.ldap.root_pw;
- enable = true;
- };
-
- postgresql = {
- ldapConfig = {
- inherit (config.myEnv.ldap) host base;
- inherit (config.myEnv.databases.postgresql.pam) dn filter password;
- };
- replicationLdapConfig = {
- inherit (config.myEnv.ldap) host base;
- inherit (config.myEnv.servers.eldiron.ldap) dn password;
- };
- authorizedHosts = {
- };
- replicationHosts = {
- backup-2 = {
- ip4 = [config.myEnv.servers.backup-2.ips.main.ip4];
- ip6 = config.myEnv.servers.backup-2.ips.main.ip6;
- };
- };
- enable = true;
- };
-
- redis.enable = true;
- };
-}