X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fdatabases%2Fmariadb_replication.nix;fp=modules%2Fprivate%2Fdatabases%2Fmariadb_replication.nix;h=0000000000000000000000000000000000000000;hp=68e6f7fdd809590e503d35d7e4793539b9d695a2;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0 diff --git a/modules/private/databases/mariadb_replication.nix b/modules/private/databases/mariadb_replication.nix deleted file mode 100644 index 68e6f7f..0000000 --- a/modules/private/databases/mariadb_replication.nix +++ /dev/null @@ -1,251 +0,0 @@ -{ pkgs, config, lib, ... }: -let - cfg = config.myServices.databasesReplication.mariadb; -in -{ - options.myServices.databasesReplication.mariadb = { - enable = lib.mkEnableOption "Enable mariadb replication"; - base = lib.mkOption { - type = lib.types.path; - description = '' - Base path to put the replications - ''; - }; - hosts = lib.mkOption { - default = {}; - description = '' - Hosts to backup - ''; - type = lib.types.attrsOf (lib.types.submodule { - options = { - package = lib.mkOption { - type = lib.types.package; - default = pkgs.mariadb; - description = '' - Mariadb package for this host - ''; - }; - serverId = lib.mkOption { - type = lib.types.int; - description = '' - Server id to use for replication cluster (must be unique among the cluster!) - ''; - }; - host = lib.mkOption { - type = lib.types.str; - description = '' - Host to connect to - ''; - }; - port = lib.mkOption { - type = lib.types.str; - description = '' - Port to connect to - ''; - }; - user = lib.mkOption { - type = lib.types.str; - description = '' - User to connect as - ''; - }; - password = lib.mkOption { - type = lib.types.str; - description = '' - Password to use - ''; - }; - dumpUser = lib.mkOption { - type = lib.types.str; - description = '' - User who can do a dump - ''; - }; - dumpPassword = lib.mkOption { - type = lib.types.str; - description = '' - Password for the dump user - ''; - }; - }; - }); - }; - }; - - config = lib.mkIf cfg.enable { - users.users.mysql = { - description = "MySQL server user"; - group = "mysql"; - uid = config.ids.uids.mysql; - extraGroups = [ "keys" ]; - }; - users.groups.mysql.gid = config.ids.gids.mysql; - - secrets.keys = lib.listToAttrs (lib.flatten (lib.mapAttrsToList (name: hcfg: [ - (lib.nameValuePair "mysql_replication/${name}/slave_init_commands" { - user = "mysql"; - group = "mysql"; - permissions = "0400"; - text = '' - CHANGE MASTER TO master_host="${hcfg.host}", master_port=${hcfg.port}, master_user="${hcfg.user}", master_password="${hcfg.password}", master_ssl=1, master_use_gtid=slave_pos; - START SLAVE; - ''; - }) - (lib.nameValuePair "mysql_replication/${name}/mysqldump_remote" { - permissions = "0400"; - user = "root"; - group = "root"; - text = '' - [mysqldump] - user = ${hcfg.user} - password = ${hcfg.password} - ''; - }) - (lib.nameValuePair "mysql_replication/${name}/mysqldump" { - permissions = "0400"; - user = "root"; - group = "root"; - text = '' - [mysqldump] - user = ${hcfg.dumpUser} - password = ${hcfg.dumpPassword} - ''; - }) - (lib.nameValuePair "mysql_replication/${name}/client" { - permissions = "0400"; - user = "mysql"; - group = "mysql"; - text = '' - [client] - user = ${hcfg.dumpUser} - password = ${hcfg.dumpPassword} - ''; - }) - ]) cfg.hosts)); - - services.cron = { - enable = true; - systemCronJobs = lib.flatten (lib.mapAttrsToList (name: hcfg: - let - dataDir = "${cfg.base}/${name}/mysql"; - backupDir = "${cfg.base}/${name}/mysql_backup"; - backup_script = pkgs.writeScript "backup_mysql_${name}" '' - #!${pkgs.stdenv.shell} - - set -euo pipefail - - filename=${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).sql - ${hcfg.package}/bin/mysqldump \ - --defaults-file=${config.secrets.fullPaths."mysql_replication/${name}/mysqldump"} \ - -S /run/mysqld_${name}/mysqld.sock \ - --gtid \ - --master-data \ - --flush-privileges \ - --ignore-database=netdata \ - --all-databases > $filename - ${pkgs.gzip}/bin/gzip $filename - ''; - u = pkgs.callPackage ./utils.nix {}; - cleanup_script = pkgs.writeScript "cleanup_mysql_${name}" (u.exponentialDumps "sql.gz" backupDir); - in [ - "0 22,4,10,16 * * * root ${backup_script}" - "0 3 * * * root ${cleanup_script}" - ]) cfg.hosts); - }; - - system.activationScripts = lib.attrsets.mapAttrs' (name: hcfg: - lib.attrsets.nameValuePair "mysql_replication_${name}" { - deps = [ "users" "groups" ]; - text = '' - install -m 0700 -o mysql -g mysql -d ${cfg.base}/${name}/mysql - install -m 0700 -o mysql -g mysql -d ${cfg.base}/${name}/mysql_backup - ''; - }) cfg.hosts; - - environment.etc = lib.attrsets.mapAttrs' (name: hcfg: - lib.attrsets.nameValuePair "mysql/${name}_my.cnf" { - text = '' - [mysqld] - skip-networking - socket = /run/mysqld_${name}/mysqld.sock - datadir = ${cfg.base}/${name}/mysql/ - log-bin = mariadb-bin - server-id = ${builtins.toString hcfg.serverId} - ''; - } - ) cfg.hosts; - - systemd.services = lib.attrsets.mapAttrs' (name: hcfg: - let - dataDir = "${cfg.base}/${name}/mysql"; - in - lib.attrsets.nameValuePair "mysql_backup_${name}" { - description = "Mysql replication for ${name}"; - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; - restartTriggers = [ config.environment.etc."mysql/${name}_my.cnf".source ]; - unitConfig.RequiresMountsFor = dataDir; - - preStart = '' - if ! test -e ${dataDir}/mysql; then - if ! test -e ${dataDir}/initial.sql; then - ${hcfg.package}/bin/mysqldump \ - --defaults-file=${config.secrets.fullPaths."mysql_replication/${name}/mysqldump_remote"} \ - -h ${hcfg.host} \ - -P ${hcfg.port} \ - --ssl \ - --gtid \ - --flush-privileges \ - --master-data \ - --all-databases > ${dataDir}/initial.sql - fi - - ${hcfg.package}/bin/mysql_install_db \ - --defaults-file=/etc/mysql/${name}_my.cnf \ - --user=mysql \ - --datadir=${dataDir} \ - --basedir=${hcfg.package} - fi - ''; - - serviceConfig = { - User = "mysql"; - Group = "mysql"; - RuntimeDirectory = "mysqld_${name}"; - RuntimeDirectoryMode = "0755"; - SupplementaryGroups = "keys"; - PermissionsStartOnly = true; - Type = "notify"; - - ExecStart = "${hcfg.package}/bin/mysqld --defaults-file=/etc/mysql/${name}_my.cnf --user=mysql --datadir=${dataDir} --basedir=${hcfg.package}"; - ExecStartPost = - let - sql_before = pkgs.writeText "mysql-initial-before" '' - DROP DATABASE test; - INSTALL SONAME 'auth_pam'; - ''; - setupScript = pkgs.writeScript "mysql-setup" '' - #!${pkgs.runtimeShell} -e - - if test -e ${dataDir}/initial.sql; then - cat \ - ${sql_before} \ - ${dataDir}/initial.sql \ - ${config.secrets.fullPaths."mysql_replication/${name}/slave_init_commands"} \ - | ${hcfg.package}/bin/mysql \ - --defaults-file=/etc/mysql/${name}_my.cnf \ - -S /run/mysqld_${name}/mysqld.sock \ - --user=root - rm -f ${dataDir}/initial.sql - fi - ''; - in - "+${setupScript}"; - # initial dump can take a long time - TimeoutStartSec="infinity"; - TimeoutStopSec = 120; - }; - }) cfg.hosts; - }; -} -