authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-17 10:26:33 +0200
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-05-17 10:26:49 +0200
commit4aac110f17f0528d90510eec00c9a8df60bcf04f (patch)
treef3fd7dfd999f56f397c1cdc972dd37978e15f0cd /modules/private/databases/mariadb.nix
parentffb14c1c25280777f5db3d2129c48dd319381f65 (diff)
Remove direct dependency to myconfig in database modules
Diffstat (limited to 'modules/private/databases/mariadb.nix')
-rw-r--r--modules/private/databases/mariadb.nix40
1 files changed, 32 insertions, 8 deletions
diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index cc99c3c..a7239c0 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.databases.mariadb; 3 cfg = config.myServices.databases.mariadb;
4in { 4in {
@@ -10,6 +10,30 @@ in {
10 description = "Whether to enable mariadb database"; 10 description = "Whether to enable mariadb database";
11 type = lib.types.bool; 11 type = lib.types.bool;
12 }; 12 };
13 package = lib.mkOption {
14 type = lib.types.package;
15 default = pkgs.mariadb;
16 description = ''
17 Mariadb package to use.
18 '';
19 };
20 credentials = lib.mkOption {
21 default = {};
22 description = "Credentials";
23 type = lib.types.attrsOf lib.types.str;
24 };
25 ldapConfig = lib.mkOption {
26 description = "LDAP configuration to allow PAM identification via LDAP";
27 type = lib.types.submodule {
28 options = {
29 host = lib.mkOption { type = lib.types.str; };
30 base = lib.mkOption { type = lib.types.str; };
31 dn = lib.mkOption { type = lib.types.str; };
32 password = lib.mkOption { type = lib.types.str; };
33 filter = lib.mkOption { type = lib.types.str; };
34 };
35 };
36 };
13 dataDir = lib.mkOption { 37 dataDir = lib.mkOption {
14 type = lib.types.path; 38 type = lib.types.path;
15 default = "/var/lib/mysql"; 39 default = "/var/lib/mysql";
@@ -50,7 +74,7 @@ in {
50 # CREATE USER foo@localhost IDENTIFIED VIA pam USING 'mysql'; 74 # CREATE USER foo@localhost IDENTIFIED VIA pam USING 'mysql';
51 services.mysql = { 75 services.mysql = {
52 enable = true; 76 enable = true;
53 package = pkgs.mariadb; 77 package = cfg.package;
54 dataDir = cfg.dataDir; 78 dataDir = cfg.dataDir;
55 extraOptions = '' 79 extraOptions = ''
56 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt 80 ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
@@ -79,7 +103,7 @@ in {
79 text = '' 103 text = ''
80 [mysqldump] 104 [mysqldump]
81 user = root 105 user = root
82 password = ${myconfig.env.databases.mysql.systemUsers.root} 106 password = ${cfg.credentials.root}
83 ''; 107 '';
84 } 108 }
85 { 109 {
@@ -87,14 +111,14 @@ in {
87 permissions = "0400"; 111 permissions = "0400";
88 user = "mysql"; 112 user = "mysql";
89 group = "mysql"; 113 group = "mysql";
90 text = with myconfig.env.databases.mysql.pam; '' 114 text = with cfg.ldapConfig; ''
91 host ${myconfig.env.ldap.host} 115 host ${host}
92 base ${myconfig.env.ldap.base} 116 base ${base}
93 binddn ${dn} 117 binddn ${dn}
94 bindpw ${password} 118 bindpw ${password}
95 pam_filter ${filter} 119 pam_filter ${filter}
96 ssl start_tls 120 ssl start_tls
97 ''; 121 '';
98 } 122 }
99 ]; 123 ];
100 124
@@ -102,7 +126,7 @@ in {
102 enable = true; 126 enable = true;
103 systemCronJobs = [ 127 systemCronJobs = [
104 '' 128 ''
105 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql 129 30 1,13 * * * root ${cfg.package}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql
106 '' 130 ''
107 ]; 131 ];
108 }; 132 };
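Review bot: `password = ${cfg.credentials.root}` in the mysqldump secret dereferences `root` unconditionally while the new `credentials` option defaults to `{}`, so enabling the module without that key fails with a bare missing-attribute error instead of a message naming the option. Declaring the key explicitly, or adding `assertions = [{ assertion = cfg.credentials ? root; message = "myServices.databases.mariadb.credentials.root must be set"; }];` to the config block (which starts outside the visible hunks), would make the requirement explicit. That value and `ldapConfig.password` are now ordinary `lib.types.str` options readable by any other module; whether they stay out of the world-readable Nix store depends on how the `secrets` module materialises `text`, which is not visible here, so the option descriptions should state that they hold secrets and are meant to be consumed only through that mechanism. The password is also written unquoted into an option file, where `#` starts a comment and surrounding whitespace is stripped, so a value containing either would likely reach mysqldump altered.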