Move databases configs to modules
similarity index 66%
rename from nixops/modules/databases/mysql.nix
rename to modules/private/databases/mariadb.nix
index 6739aaa401f23bee97179d2acb9cfc9466a61847..21f4359957f8be4225f070d5bd52f8a2e4c57a7b 100644 (file)
@@ -1,8 +1,8 @@
 { lib, pkgs, config, myconfig,  ... }:
 let
-    cfg = config.services.myDatabases;
+    cfg = config.myServices.databases.mariadb;
 in {
-  options.services.myDatabases = {
+  options.myServices.databases = {
     mariadb = {
       enable = lib.mkOption {
         default = cfg.enable;
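Review bot: With `cfg` now bound to `config.myServices.databases.mariadb` (line 12), the unchanged `default = cfg.enable;` makes `myServices.databases.mariadb.enable` default to itself; if nothing defines the option, evaluating it should recurse into its own default and fail with infinite recursion. Before the rename `cfg.enable` pointed at the parent `services.myDatabases.enable`, and no parent `enable` option is declared under `options.myServices.databases` in the visible hunks. Either give it a plain default, `default = false;`, or point it at whichever parent option is intended. The `enable` option's body continues past the end of this hunk.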
@@ -10,6 +10,31 @@ in {
         description = "Whether to enable mariadb database";
         type = lib.types.bool;
       };
+      dataDir = lib.mkOption {
+        type = lib.types.path;
+        default = "/var/lib/mysql";
+        description = ''
+          The directory where Mariadb stores its data.
+        '';
+      };
+      # Output variables
+      socketsDir = lib.mkOption {
+        type = lib.types.path;
+        default = "/run/mysqld";
+        description = ''
+          The directory where Mariadb puts sockets.
+          '';
+      };
+      sockets = lib.mkOption {
+        type = lib.types.attrsOf lib.types.path;
+        default = {
+          mysqld  = "${cfg.socketsDir}/mysqld.sock";
+        };
+        readOnly = true;
+        description = ''
+          Mariadb sockets
+          '';
+      };
     };
   };
 
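Review bot: `socketsDir` sits under the `# Output variables` comment but is an ordinary writable option, and nothing in the visible hunks passes it to `services.mysql`; the read-only `sockets.mysqld` default is derived from it, so a user override would advertise a socket path the server presumably does not listen on. If it is meant to be fixed, mark it `readOnly = true;` like `sockets`, otherwise wire it into the server config or say in its description that it must match the server's socket directory. Minor style point: the closing `''` of the descriptions at lines 36 and 46 is indented one level deeper than the one at line 28.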
@@ -23,9 +48,10 @@ in {
     # User identified by LDAP:
     # CREATE USER foo@% IDENTIFIED VIA pam USING 'mysql' REQUIRE SSL;
     # CREATE USER foo@localhost IDENTIFIED VIA pam USING 'mysql';
-    services.mysql = rec {
-      enable = cfg.mariadb.enable;
+    services.mysql = {
+      enable = true;
       package = pkgs.mariadb;
+      dataDir = cfg.dataDir;
       extraOptions = ''
         ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
         ssl_key = /var/lib/acme/mysql/key.pem
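Review bot: `enable = true;` replaces the conditional `cfg.mariadb.enable`, so `services.mysql` is now unconditionally enabled unless the enclosing attrset is itself gated with `lib.mkIf cfg.enable`; that enclosing expression starts before this hunk and cannot be checked from here, so please confirm the guard exists, otherwise importing this module turns the server on regardless of the option. A one-line comment above the block, `# whole config block is gated by cfg.enable (mkIf above)`, would make the dependency explicit for the next reader.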
@@ -34,7 +60,7 @@ in {
     };
 
     users.users.mysql.extraGroups = [ "keys" ];
-    security.acme.certs."mysql" = config.services.myCertificates.certConfig // {
+    security.acme.certs."mysql" = config.myServices.databasesCerts // {
       user = "mysql";
       group = "mysql";
       plugins = [ "fullchain.pem" "key.pem" "account_key.json" ];
@@ -76,7 +102,7 @@ in {
       enable = true;
       systemCronJobs = [
         ''
-          30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/var/secrets/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql
+          30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql
         ''
       ];
     };
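Review bot: The new cron line still redirects straight into `${cfg.dataDir}/backup.sql`, so the shell truncates the previous dump before `mysqldump` runs and a failed dump (bad credentials, server down) leaves an empty or partial file in place of the last good backup; writing to a temporary name and renaming on success keeps the previous backup intact, e.g. `... --all-databases > ${cfg.dataDir}/backup.sql.tmp && mv ${cfg.dataDir}/backup.sql.tmp ${cfg.dataDir}/backup.sql`. The dump is also stored inside the data directory itself, so it shares the fate of the volume it is meant to protect and is readable by whoever can read `dataDir`; a comment stating that this is a local convenience copy, not the off-host backup, would avoid false confidence. `${config.secrets.location}/mysql` is repeated here and twice in the PAM hunk below; a `let` binding such as `secretsDir = "${config.secrets.location}/mysql";` would keep the paths from drifting.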
@@ -88,8 +114,8 @@ in {
         name = "mysql";
         text = ''
           # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
-          auth    required ${pam_ldap} config=/var/secrets/mysql/pam
-          account required ${pam_ldap} config=/var/secrets/mysql/pam
+          auth    required ${pam_ldap} config=${config.secrets.location}/mysql/pam
+          account required ${pam_ldap} config=${config.secrets.location}/mysql/pam
           '';
       }
     ];