-{ lib, config, ... }:
+{ lib, config, myconfig, ... }:
let
cfg = config.myServices.databases;
in
description = "Default databases configurations for certificates as accepted by acme";
};
};
+
+ config.nixpkgs.overlays = lib.mkIf cfg.enable [ (self: super: {
+ postgresql = self.postgresql_11_custom;
+ }) ];
+
config.myServices.databases = lib.mkIf cfg.enable {
- mariadb.enable = true;
- openldap.enable = true;
- postgresql.enable = true;
+ mariadb = {
+ enable = true;
+ ldapConfig = {
+ inherit (myconfig.env.ldap) host base;
+ inherit (myconfig.env.databases.mysql.pam) dn filter password;
+ };
+ credentials.root = myconfig.env.databases.mysql.systemUsers.root;
+ };
+
+ openldap = {
+ accessFile = "${myconfig.privateFiles}/ldap.conf";
+ baseDn = myconfig.env.ldap.base;
+ rootDn = myconfig.env.ldap.root_dn;
+ rootPw = myconfig.env.ldap.root_pw;
+ enable = true;
+ };
+
+ postgresql = {
+ ldapConfig = {
+ inherit (myconfig.env.ldap) host base;
+ inherit (myconfig.env.databases.postgresql.pam) dn filter password;
+ };
+ replicationLdapConfig = {
+ inherit (myconfig.env.ldap) host base password;
+ dn = myconfig.env.ldap.host_dn;
+ };
+ authorizedHosts = {
+ immaeEu = [{
+ ip4 = [
+ myconfig.env.servers.immaeEu.ips.main.ip4
+ myconfig.env.servers.immaeEu.ips.alt.ip4
+ ];
+ }];
+ };
+ replicationHosts = {
+ backup-1 = {
+ ip4 = [myconfig.env.servers.backup-1.ips.main.ip4];
+ ip6 = myconfig.env.servers.backup-1.ips.main.ip6;
+ };
+ };
+ enable = true;
+ };
+
redis.enable = true;
};
}
projects / perso / Immae / Config / Nix.git / blobdiff