diff options
| author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 02:18:11 +0200 |
|---|---|---|
| committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 02:18:11 +0200 |
| commit | 7178c2b1009694c8a750dcd376a36c3d4bf90cf4 (patch) | |
| tree | 1dbc6b18804a901c64f53bceddce8027b202580a /nixops/modules/databases/mysql.nix | |
| parent | 1b3154e40a568a296c74759d68827366b5f26da9 (diff) | |
| download | Nix-7178c2b1009694c8a750dcd376a36c3d4bf90cf4.tar.gz Nix-7178c2b1009694c8a750dcd376a36c3d4bf90cf4.tar.zst Nix-7178c2b1009694c8a750dcd376a36c3d4bf90cf4.zip | |
Move databases config to new secrets
Diffstat (limited to 'nixops/modules/databases/mysql.nix')
| -rw-r--r-- | nixops/modules/databases/mysql.nix | 22 |
1 files changed, 11 insertions, 11 deletions
diff --git a/nixops/modules/databases/mysql.nix b/nixops/modules/databases/mysql.nix index 95de972..a9ca8d3 100644 --- a/nixops/modules/databases/mysql.nix +++ b/nixops/modules/databases/mysql.nix | |||
| @@ -52,9 +52,9 @@ in { | |||
| 52 | ''; | 52 | ''; |
| 53 | }; | 53 | }; |
| 54 | 54 | ||
| 55 | deployment.keys = { | 55 | mySecrets.keys = [ |
| 56 | mysqldump = { | 56 | { |
| 57 | destDir = "/run/keys/mysql"; | 57 | dest = "mysql/mysqldump"; |
| 58 | permissions = "0400"; | 58 | permissions = "0400"; |
| 59 | user = "root"; | 59 | user = "root"; |
| 60 | group = "root"; | 60 | group = "root"; |
| @@ -63,9 +63,9 @@ in { | |||
| 63 | user = root | 63 | user = root |
| 64 | password = ${myconfig.env.databases.mysql.systemUsers.root} | 64 | password = ${myconfig.env.databases.mysql.systemUsers.root} |
| 65 | ''; | 65 | ''; |
| 66 | }; | 66 | } |
| 67 | mysql-pam = { | 67 | { |
| 68 | destDir = "/run/keys/mysql"; | 68 | dest = "mysql/pam"; |
| 69 | permissions = "0400"; | 69 | permissions = "0400"; |
| 70 | user = "mysql"; | 70 | user = "mysql"; |
| 71 | group = "mysql"; | 71 | group = "mysql"; |
| @@ -77,14 +77,14 @@ in { | |||
| 77 | pam_filter ${filter} | 77 | pam_filter ${filter} |
| 78 | ssl start_tls | 78 | ssl start_tls |
| 79 | ''; | 79 | ''; |
| 80 | }; | 80 | } |
| 81 | }; | 81 | ]; |
| 82 | 82 | ||
| 83 | services.cron = { | 83 | services.cron = { |
| 84 | enable = true; | 84 | enable = true; |
| 85 | systemCronJobs = [ | 85 | systemCronJobs = [ |
| 86 | '' | 86 | '' |
| 87 | 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/run/keys/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql | 87 | 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/var/secrets/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql |
| 88 | '' | 88 | '' |
| 89 | ]; | 89 | ]; |
| 90 | }; | 90 | }; |
| @@ -96,8 +96,8 @@ in { | |||
| 96 | name = "mysql"; | 96 | name = "mysql"; |
| 97 | text = '' | 97 | text = '' |
| 98 | # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/ | 98 | # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/ |
| 99 | auth required ${pam_ldap} config=/run/keys/mysql/mysql-pam | 99 | auth required ${pam_ldap} config=/var/secrets/mysql/pam |
| 100 | account required ${pam_ldap} config=/run/keys/mysql/mysql-pam | 100 | account required ${pam_ldap} config=/var/secrets/mysql/pam |
| 101 | ''; | 101 | ''; |
| 102 | } | 102 | } |
| 103 | ]; | 103 | ]; |