From 92cd95d6ce27442635cde962feaddb5cca639727 Mon Sep 17 00:00:00 2001 From: derped Date: Thu, 19 Dec 2019 09:36:54 +0100 Subject: [PATCH] mysql: Use ensure* options, split definition up into service files. note/reason for split: nixos submodule option names aren't standardized... --- services/gitea.nix | 64 +++++++++++++++++++++++++----------------- services/mariaDB.nix | 19 ++----------- services/nextcloud.nix | 18 ++++++++++-- 3 files changed, 56 insertions(+), 45 deletions(-) diff --git a/services/gitea.nix b/services/gitea.nix index b4b9313..1a16a57 100644 --- a/services/gitea.nix +++ b/services/gitea.nix 
@@ -3,34 +3,48 @@ with lib; mkIf (elem "gitea" config.machine.services) { - services.gitea = let - cfg = config.machine; - domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain; - in { - enable = true; - user = "git"; - cookieSecure = true; - domain = domain; - rootUrl = "http://${domain}/"; - database = { - type = "mysql"; + services = { + gitea = let + cfg = config.machine; + domain = (findFirst (s: s.service == "gitea") cfg cfg.vHosts).domain; + in { + enable = true; user = "git"; - name = "gitea"; - passwordFile = "${cfg.secretPath}/gitea_db"; + cookieSecure = true; + domain = domain; + rootUrl = "http://${domain}/"; + database = { + type = "mysql"; + user = "git"; + name = "gitea"; + passwordFile = "${cfg.secretPath}/gitea_db"; + }; + extraConfig = '' + [repository] + DISABLE_HTTP_GIT = false + USE_COMPAT_SSH_URI = true + + [security] + INSTALL_LOCK = true + COOKIE_USERNAME = gitea_username + COOKIE_REMEMBER_NAME = gitea_userauth + + [service] + DISABLE_REGISTRATION = true + ''; }; - extraConfig = '' - [repository] - DISABLE_HTTP_GIT = false - USE_COMPAT_SSH_URI = true - [security] - INSTALL_LOCK = true - COOKIE_USERNAME = gitea_username - COOKIE_REMEMBER_NAME = gitea_userauth - - [service] - DISABLE_REGISTRATION = true - ''; + mysql = let + cfg = config.services.gitea.database; + in { + ensureDatabases = [ cfg.name ]; + ensureUsers = [{ + name = cfg.user; + ensurePermissions = { + "${cfg.name}.*" = "ALL PRIVILEGES"; + }; + }]; + }; }; users.users.git = { diff --git a/services/mariaDB.nix b/services/mariaDB.nix index abbc49b..a1d90aa 100644 --- a/services/mariaDB.nix +++ b/services/mariaDB.nix 
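Review bot: The new `mysql.ensureUsers` entry provisions the `git` database account without ever setting a password, while the `database` block above it still points Gitea at `passwordFile = "${cfg.secretPath}/gitea_db"`. As far as I know the NixOS mysql module creates `ensureUsers` accounts with socket authentication (`unix_socket` on MariaDB), so on a fresh host a password login would likely be rejected and the setup would only work where the old `initialDatabases` script had already created the user. If socket authentication is the intent, say so with a comment such as `# DB user is created by services.mysql.ensureUsers and authenticates over the local socket` and point Gitea at the socket (recent nixpkgs has a `database.socket` option, so check the pinned version), after which the password file is dead configuration. The same question applies to the `mysql` block added in services/nextcloud.nix. Separately, `rootUrl` is still built with `http://` next to `cookieSecure = true`, which is only consistent if TLS is terminated in front of Gitea, so that is worth confirming.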
@@ -2,24 +2,9 @@ with lib; -let - cfg = config.services; - mkInitialDatabases = servicename: if (cfg."${servicename}".enable && (cfg."${servicename}".database.type == "mysql")) then - let - password = (fileContents "${config.machine.secretPath}/${servicename}_db"); - cfg = config.services."${servicename}".database; - in { - name = cfg.name; - schema = pkgs.writeText "${cfg.name}.sql" '' - create user if not exists ${cfg.user}@'localhost' identified by ${password}; - grant all privileges on ${cfg.name}.* to ${cfg.user}@'localhost' identified by ${password}; - ''; - } else { name = ""; }; -in mkIf (elem "mariaDB" config.machine.services) { - services.mysql = { +mkIf (elem "mariaDB" config.machine.services) { + services.mysql = rec { enable = true; package = pkgs.mariadb; - initialDatabases = (map mkInitialDatabases [ "mailman3" "gitea" ]); }; } - diff --git a/services/nextcloud.nix b/services/nextcloud.nix index cac0577..06306b1 100644 --- a/services/nextcloud.nix +++ b/services/nextcloud.nix @@ -3,9 +3,9 @@ with lib; mkIf (elem "nextcloud" config.machine.services) { - services = let - cfg = config.machine; - domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain; + services = let + cfg = config.machine; + domain = (findFirst (s: s.service == "nextcloud") cfg cfg.vHosts).domain; in { nextcloud = { enable = true; @@ -47,5 +47,17 @@ mkIf (elem "nextcloud" config.machine.services) { no-multicast-peers ''; }; + + mysql = let + cfg = config.services.nextcloud.config; + in { + ensureDatabases = [ cfg.dbname ]; + ensureUsers = [{ + name = cfg.dbuser; + ensurePermissions = { + "${cfg.dbname}.*" = "ALL PRIVILEGES"; + }; + }]; + }; }; }
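Review bot: The removed `initialDatabases` list covered both `"mailman3"` and `"gitea"`, but the patch adds `ensure*` replacements only in services/gitea.nix and services/nextcloud.nix, so nothing visible here provisions the mailman3 database any more; if mailman3 is still deployed with MySQL it needs its own `ensureDatabases`/`ensureUsers` block. `rec` on `services.mysql = rec {` is not needed, since no attribute in the set refers to another, and it can be dropped. The old schema file interpolated the contents of `${servicename}_db` into a `pkgs.writeText` derivation, so those passwords were written into the world-readable Nix store and remain there in older generations; rotating them and garbage-collecting the old store paths after this change is worth doing.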
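Review bot: The `mysql` block added in the second services/nextcloud.nix hunk is unconditional, whereas the code removed from services/mariaDB.nix only provisioned a database when the service's database type was `mysql`. Whether Nextcloud is configured for MySQL is not visible in this hunk (the `nextcloud.config` attributes lie outside it), so if `dbtype` is anything else this creates an unused database and an account holding `ALL PRIVILEGES` on it. Guarding the block keeps the grant tied to actual use: `in mkIf (cfg.dbtype == "mysql") {`.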