1 files changed, 19 insertions, 20 deletions

diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix
index 04e4bd6..36edaeb 100644
--- a/modules/private/databases/mariadb.nix
+++ b/modules/private/databases/mariadb.nix
@@ -94,26 +94,27 @@ in {
       enable = true;
       package = cfg.package;
       dataDir = cfg.dataDir;
-      extraOptions = ''
-        ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
-        ssl_key = ${config.security.acme.certs.mysql.directory}/key.pem
-        ssl_cert = ${config.security.acme.certs.mysql.directory}/fullchain.pem
+      settings = {
+        mysqld = {
+          ssl_ca = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+          ssl_key = "${config.security.acme.certs.mysql.directory}/key.pem";
+          ssl_cert = "${config.security.acme.certs.mysql.directory}/fullchain.pem";
 
-        # for replication
-        log-bin=mariadb-bin
-        server-id=1
+          # for replication
+          log-bin = "mariadb-bin";
+          server-id = "1";
 
-        # this introduces a small delay before storing on disk, but
-        # makes it order of magnitudes quicker
-        innodb_flush_log_at_trx_commit = 0
-        '';
+          # this introduces a small delay before storing on disk, but
+          # makes it order of magnitudes quicker
+          innodb_flush_log_at_trx_commit = "0";
+        };
+      };
     };
 
     users.users.mysql.extraGroups = [ "keys" ];
     security.acme.certs."mysql" = config.myServices.databasesCerts // {
       user = "mysql";
       group = "mysql";
-      plugins = [ "fullchain.pem" "key.pem" "account_key.json" "account_reg.json" ];
       domain = "db-1.immae.eu";
       postRun = ''
         systemctl restart mysql.service
@@ -164,23 +165,21 @@ in {
 
     security.pam.services = let
       pam_ldap = "${pkgs.pam_ldap}/lib/security/pam_ldap.so";
-    in [
-      {
-        name = "mysql";
+    in {
+      mysql = {
         text = ''
           # https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
           auth    required ${pam_ldap} config=${config.secrets.location}/mysql/pam
           account required ${pam_ldap} config=${config.secrets.location}/mysql/pam
           '';
-      }
-      {
-        name = "mysql_replication";
+      };
+      mysql_replication = {
         text = ''
           auth    required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
           account required ${pam_ldap} config=${config.secrets.location}/mysql/pam_replication
           '';
-      }
-    ];
+      };
+    };
 
   };
 }