Move secrets to flakes

[perso/Immae/Config/Nix.git] / modules / private / databases / mariadb_replication.nix

diff --git a/modules/private/databases/mariadb_replication.nix b/modules/private/databases/mariadb_replication.nix
index 740bdac44b3be7bdb341a31829bb14350a62e75c..e857c416d1d6ba638b7dd3148246eb6958ef2183 100644 (file)
--- a/modules/private/databases/mariadb_replication.nix
+++ b/modules/private/databases/mariadb_replication.nix
@@ -138,16 +138,19 @@ in
 
               set -euo pipefail
 
+              filename=${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).sql
               ${hcfg.package}/bin/mysqldump \
-                --defaults-file=${config.secrets.location}/mysql_replication/${name}/mysqldump \
+                --defaults-file=${config.secrets.fullPaths."mysql_replication/${name}/mysqldump"} \
                 -S /run/mysqld_${name}/mysqld.sock \
                 --gtid \
                 --master-data \
                 --flush-privileges \
-                --all-databases > ${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).sql
+                --ignore-database=netdata \
+                --all-databases > $filename
+              ${pkgs.gzip}/bin/gzip $filename
             '';
           u = pkgs.callPackage ./utils.nix {};
-          cleanup_script = pkgs.writeScript "cleanup_mysql_${name}" (u.exponentialDumps "sql" backupDir);
+          cleanup_script = pkgs.writeScript "cleanup_mysql_${name}" (u.exponentialDumps "sql.gz" backupDir);
         in [
           "0 22,4,10,16 * * * root ${backup_script}"
           "0 3 * * * root ${cleanup_script}"
@@ -189,15 +192,17 @@ in
 
         preStart = ''
           if ! test -e ${dataDir}/mysql; then
-            ${hcfg.package}/bin/mysqldump \
-              --defaults-file=${config.secrets.location}/mysql_replication/${name}/mysqldump_remote \
-              -h ${hcfg.host} \
-              -P ${hcfg.port} \
-              --ssl \
-              --gtid \
-              --flush-privileges \
-              --master-data \
-              --all-databases > ${dataDir}/initial.sql
+            if ! test -e ${dataDir}/initial.sql; then
+              ${hcfg.package}/bin/mysqldump \
+                --defaults-file=${config.secrets.fullPaths."mysql_replication/${name}/mysqldump_remote"} \
+                -h ${hcfg.host} \
+                -P ${hcfg.port} \
+                --ssl \
+                --gtid \
+                --flush-privileges \
+                --master-data \
+                --all-databases > ${dataDir}/initial.sql
+            fi
 
             ${hcfg.package}/bin/mysql_install_db \
               --defaults-file=/etc/mysql/${name}_my.cnf \
@@ -221,6 +226,7 @@ in
             let
               sql_before = pkgs.writeText "mysql-initial-before" ''
                 DROP DATABASE test;
+                INSTALL SONAME 'auth_pam';
                 '';
               setupScript = pkgs.writeScript "mysql-setup" ''
                 #!${pkgs.runtimeShell} -e
@@ -229,7 +235,7 @@ in
                   cat \
                     ${sql_before} \
                     ${dataDir}/initial.sql \
-                    ${config.secrets.location}/mysql_replication/${name}/slave_init_commands \
+                    ${config.secrets.fullPaths."mysql_replication/${name}/slave_init_commands"} \
                     | ${hcfg.package}/bin/mysql \
                     --defaults-file=/etc/mysql/${name}_my.cnf \
                     -S /run/mysqld_${name}/mysqld.sock \