X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fdefault.nix;h=3f7a44bf2d776f45d9dbfbec68f7713a476228c9;hp=78d91dc5e03077f863b97b2a5ae75d65a9395d60;hb=4aac110f17f0528d90510eec00c9a8df60bcf04f;hpb=ffb14c1c25280777f5db3d2129c48dd319381f65
diff --git a/modules/private/databases/default.nix b/modules/private/databases/default.nix
index 78d91dc..3f7a44b 100644
--- a/modules/private/databases/default.nix
+++ b/modules/private/databases/default.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ lib, config, myconfig, ... }:
 let
 cfg = config.myServices.databases;
 in
@@ -9,10 +9,55 @@ in
 description = "Default databases configurations for certificates as accepted by acme";
 };
 };
+
+ config.nixpkgs.overlays = lib.mkIf cfg.enable [ (self: super: {
+ postgresql = self.postgresql_11_custom;
+ }) ];
+
 config.myServices.databases = lib.mkIf cfg.enable {
- mariadb.enable = true;
- openldap.enable = true;
- postgresql.enable = true;
+ mariadb = {
+ enable = true;
+ ldapConfig = {
+ inherit (myconfig.env.ldap) host base;
+ inherit (myconfig.env.databases.mysql.pam) dn filter password;
+ };
+ credentials.root = myconfig.env.databases.mysql.systemUsers.root;
+ };
+
+ openldap = {
+ accessFile = "${myconfig.privateFiles}/ldap.conf";
+ baseDn = myconfig.env.ldap.base;
+ rootDn = myconfig.env.ldap.root_dn;
+ rootPw = myconfig.env.ldap.root_pw;
+ enable = true;
+ };
+
+ postgresql = {
+ ldapConfig = {
+ inherit (myconfig.env.ldap) host base;
+ inherit (myconfig.env.databases.postgresql.pam) dn filter password;
+ };
+ replicationLdapConfig = {
+ inherit (myconfig.env.ldap) host base password;
+ dn = myconfig.env.ldap.host_dn;
+ };
+ authorizedHosts = {
+ immaeEu = [{
+ ip4 = [
+ myconfig.env.servers.immaeEu.ips.main.ip4
+ myconfig.env.servers.immaeEu.ips.alt.ip4
+ ];
+ }];
+ };
+ replicationHosts = {
+ backup-1 = {
+ ip4 = [myconfig.env.servers.backup-1.ips.main.ip4];
+ ip6 = myconfig.env.servers.backup-1.ips.main.ip6;
+ };
+ };
+ enable = true;
+ };
+
 redis.enable = true;
 };
 }
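Review bot: The new `openldap.rootPw`, the `password` fields inherited into `ldapConfig` and `replicationLdapConfig`, and (presumably) `mariadb.credentials.root` pass plaintext secrets into module options, and nothing in this hunk shows how the consuming modules persist them. If any consumer interpolates these values into a generated config file or unit, they end up in the world-readable /nix/store. Likewise, `"${myconfig.privateFiles}/ldap.conf"` copies that file into the store if `privateFiles` is a Nix path rather than a string. I would add a comment above the `mariadb` block, `# secrets below must only be rendered to root-owned runtime files, never into a store path`, and confirm each consumer follows it. The option declarations for these attributes are outside the hunk, so this could not be checked here.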