Diffstat (limited to 'modules/private/databases/mariadb.nix')
-rw-r--r-- | modules/private/databases/mariadb.nix | 40 |
1 files changed, 32 insertions, 8 deletions
diff --git a/modules/private/databases/mariadb.nix b/modules/private/databases/mariadb.nix index cc99c3c..a7239c0 100644 --- a/modules/private/databases/mariadb.nix +++ b/modules/private/databases/mariadb.nix | |||
@@ -1,4 +1,4 @@ | |||
1 | { lib, pkgs, config, myconfig, ... }: | 1 | { lib, pkgs, config, ... }: |
2 | let | 2 | let |
3 | cfg = config.myServices.databases.mariadb; | 3 | cfg = config.myServices.databases.mariadb; |
4 | in { | 4 | in { |
@@ -10,6 +10,30 @@ in { | |||
10 | description = "Whether to enable mariadb database"; | 10 | description = "Whether to enable mariadb database"; |
11 | type = lib.types.bool; | 11 | type = lib.types.bool; |
12 | }; | 12 | }; |
13 | package = lib.mkOption { | ||
14 | type = lib.types.package; | ||
15 | default = pkgs.mariadb; | ||
16 | description = '' | ||
17 | Mariadb package to use. | ||
18 | ''; | ||
19 | }; | ||
20 | credentials = lib.mkOption { | ||
21 | default = {}; | ||
22 | description = "Credentials"; | ||
23 | type = lib.types.attrsOf lib.types.str; | ||
24 | }; | ||
25 | ldapConfig = lib.mkOption { | ||
26 | description = "LDAP configuration to allow PAM identification via LDAP"; | ||
27 | type = lib.types.submodule { | ||
28 | options = { | ||
29 | host = lib.mkOption { type = lib.types.str; }; | ||
30 | base = lib.mkOption { type = lib.types.str; }; | ||
31 | dn = lib.mkOption { type = lib.types.str; }; | ||
32 | password = lib.mkOption { type = lib.types.str; }; | ||
33 | filter = lib.mkOption { type = lib.types.str; }; | ||
34 | }; | ||
35 | }; | ||
36 | }; | ||
13 | dataDir = lib.mkOption { | 37 | dataDir = lib.mkOption { |
14 | type = lib.types.path; | 38 | type = lib.types.path; |
15 | default = "/var/lib/mysql"; | 39 | default = "/var/lib/mysql"; |
@@ -50,7 +74,7 @@ in { | |||
50 | # CREATE USER foo@localhost IDENTIFIED VIA pam USING 'mysql'; | 74 | # CREATE USER foo@localhost IDENTIFIED VIA pam USING 'mysql'; |
51 | services.mysql = { | 75 | services.mysql = { |
52 | enable = true; | 76 | enable = true; |
53 | package = pkgs.mariadb; | 77 | package = cfg.package; |
54 | dataDir = cfg.dataDir; | 78 | dataDir = cfg.dataDir; |
55 | extraOptions = '' | 79 | extraOptions = '' |
56 | ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt | 80 | ssl_ca = ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt |
@@ -79,7 +103,7 @@ in { | |||
79 | text = '' | 103 | text = '' |
80 | [mysqldump] | 104 | [mysqldump] |
81 | user = root | 105 | user = root |
82 | password = ${myconfig.env.databases.mysql.systemUsers.root} | 106 | password = ${cfg.credentials.root} |
83 | ''; | 107 | ''; |
84 | } | 108 | } |
85 | { | 109 | { |
@@ -87,14 +111,14 @@ in { | |||
87 | permissions = "0400"; | 111 | permissions = "0400"; |
88 | user = "mysql"; | 112 | user = "mysql"; |
89 | group = "mysql"; | 113 | group = "mysql"; |
90 | text = with myconfig.env.databases.mysql.pam; '' | 114 | text = with cfg.ldapConfig; '' |
91 | host ${myconfig.env.ldap.host} | 115 | host ${host} |
92 | base ${myconfig.env.ldap.base} | 116 | base ${base} |
93 | binddn ${dn} | 117 | binddn ${dn} |
94 | bindpw ${password} | 118 | bindpw ${password} |
95 | pam_filter ${filter} | 119 | pam_filter ${filter} |
96 | ssl start_tls | 120 | ssl start_tls |
97 | ''; | 121 | ''; |
98 | } | 122 | } |
99 | ]; | 123 | ]; |
100 | 124 | ||
@@ -102,7 +126,7 @@ in { | |||
102 | enable = true; | 126 | enable = true; |
103 | systemCronJobs = [ | 127 | systemCronJobs = [ |
104 | '' | 128 | '' |
105 | 30 1,13 * * * root ${pkgs.mariadb}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql | 129 | 30 1,13 * * * root ${cfg.package}/bin/mysqldump --defaults-file=${config.secrets.location}/mysql/mysqldump --all-databases > ${cfg.dataDir}/backup.sql |
106 | '' | 130 | '' |
107 | ]; | 131 | ]; |
108 | }; | 132 | }; |
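Review bot: `password = ${cfg.credentials.root}` in the mysqldump secret depends on a `root` key that the new `credentials` option never declares. Its type is `attrsOf str` with `default = {}`, so a host that leaves it unset fails evaluation with a bare missing-attribute error instead of a message naming the option. An assertion in the module's config would make the requirement explicit, e.g. `{ assertion = cfg.credentials ? root; message = "myServices.databases.mariadb.credentials.root must be set"; }`, and the description could say more than "Credentials", for instance `description = "Passwords of MariaDB system users keyed by user name; root is required for the mysqldump defaults file";`. Both `credentials` and `ldapConfig.password` are plain `str` values, so whether they stay out of the world-readable Nix store depends on how the secrets module materialises `text`, which this page does not show. The enclosing `config` block starts and ends outside the visible hunks.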