author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 02:18:11 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2019-04-25 02:18:11 +0200 |
commit | 7178c2b1009694c8a750dcd376a36c3d4bf90cf4 (patch) | |
tree | 1dbc6b18804a901c64f53bceddce8027b202580a /nixops/modules/databases/mysql.nix | |
parent | 1b3154e40a568a296c74759d68827366b5f26da9 (diff) | |
Move databases config to new secrets
Diffstat (limited to 'nixops/modules/databases/mysql.nix')
-rw-r--r-- | nixops/modules/databases/mysql.nix | 22 |
1 files changed, 11 insertions, 11 deletions
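--- a/nixops/modules/databases/mysql.nix
+++ b/nixops/modules/databases/mysql.nix
@@ -52,9 +52,9 @@ in {
 '';
 };
 
-deployment.keys = {
-mysqldump = {
-destDir = "/run/keys/mysql";
+mySecrets.keys = [
+{
+dest = "mysql/mysqldump";
 permissions = "0400";
 user = "root";
 group = "root";
@@ -63,9 +63,9 @@ in {
 user = root
 password = ${myconfig.env.databases.mysql.systemUsers.root}
 '';
-};
-mysql-pam = {
-destDir = "/run/keys/mysql";
+}
+{
+dest = "mysql/pam";
 permissions = "0400";
 user = "mysql";
 group = "mysql";
@@ -77,14 +77,14 @@ in {
 pam_filter ${filter}
 ssl start_tls
 '';
-};
-};
+}
+];
 
 services.cron = {
 enable = true;
 systemCronJobs = [
 ''
-30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/run/keys/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql
+30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=/var/secrets/mysql/mysqldump --all-databases > /var/lib/mysql/backup.sql
 ''
 ];
 };
@@ -96,8 +96,8 @@ in {
 name = "mysql";
 text = ''
 # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
-auth required ${pam_ldap} config=/run/keys/mysql/mysql-pam
-account required ${pam_ldap} config=/run/keys/mysql/mysql-pam
+auth required ${pam_ldap} config=/var/secrets/mysql/pam
+account required ${pam_ldap} config=/var/secrets/mysql/pam
 '';
 }
 ];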
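Review bot: The consumers on new lines 87, 99 and 100 hard-code `/var/secrets/mysql/...`, while the entries at new lines 57 and 68 give only a relative `dest`, so the base directory is stated twice and a later change to it in the mySecrets module would leave mysqldump and pam_ldap pointing at a missing file. Building the path from whichever option defines that base directory would keep them in step, for example `--defaults-file=${SECRETS_DIR_PLACEHOLDER}/mysql/mysqldump` (a placeholder, since the option name is not visible on this page). The change also moves the files off `/run/keys`, which NixOps normally keeps on a memory-backed filesystem. If `/var/secrets` is persistent storage, the root database password interpolated at line 64 is now held at rest, so it is worth confirming that the directory is traversable only by root and the `mysql` user and that the `text` content is delivered without passing through the world-readable Nix store. The module body starts and ends outside these hunks, so the mySecrets implementation itself could not be checked here.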