-{ lib, config, ... }:
+{ lib, config, nodes, ... }:
let
cfg = config.myServices.databases;
in
description = "Default databases configurations for certificates as accepted by acme";
};
};
+
+ config.nixpkgs.overlays = lib.mkIf cfg.enable [ (self: super: {
+ postgresql = self.postgresql_11_custom;
+ }) ];
+
config.myServices.databases = lib.mkIf cfg.enable {
- mariadb.enable = true;
- openldap.enable = true;
- postgresql.enable = true;
+ mariadb = {
+ enable = true;
+ ldapConfig = {
+ inherit (config.myEnv.ldap) host base;
+ inherit (config.myEnv.databases.mysql.pam) dn filter password;
+ };
+ replicationLdapConfig = {
+ inherit (config.myEnv.ldap) host base;
+ inherit (config.myEnv.servers.eldiron.ldap) dn password;
+ };
+ credentials.root = config.myEnv.databases.mysql.systemUsers.root;
+ };
+
+ openldap = {
+ accessFile = "${config.myEnv.privateFiles}/ldap.conf";
+ baseDn = config.myEnv.ldap.base;
+ rootDn = config.myEnv.ldap.root_dn;
+ rootPw = config.myEnv.ldap.root_pw;
+ enable = true;
+ };
+
+ postgresql = {
+ ldapConfig = {
+ inherit (config.myEnv.ldap) host base;
+ inherit (config.myEnv.databases.postgresql.pam) dn filter password;
+ };
+ replicationLdapConfig = {
+ inherit (config.myEnv.ldap) host base;
+ inherit (config.myEnv.servers.eldiron.ldap) dn password;
+ };
+ authorizedHosts = {
+ };
+ replicationHosts = {
+ backup-2 = {
+ ip4 = [config.myEnv.servers.backup-2.ips.main.ip4];
+ ip6 = config.myEnv.servers.backup-2.ips.main.ip6;
+ };
+ };
+ enable = true;
+ };
+
redis.enable = true;
};
}
projects / perso / Immae / Config / Nix.git / blobdiff