diff --git a/hosts/bicep/configuration.nix b/hosts/bicep/configuration.nix index a25c154..f333cf2 100644 --- a/hosts/bicep/configuration.nix +++ b/hosts/bicep/configuration.nix @@ -9,6 +9,7 @@ ./services/mysql.nix ./services/postgres.nix + ./services/mysql.nix ./services/matrix ]; diff --git a/hosts/bicep/services/mysql.nix b/hosts/bicep/services/mysql.nix index 0d7cc1b..01198b7 100644 --- a/hosts/bicep/services/mysql.nix +++ b/hosts/bicep/services/mysql.nix @@ -10,10 +10,21 @@ max_connect_errors = 10000; }; }; + + # Note: This user also has MAX_USER_CONNECTIONS set to 3, and + # a password which can be found in /secrets/ildkule/ildkule.yaml + ensureUsers = [{ + name = "prometheus_mysqld_exporter"; + ensurePermissions = { + "*.*" = "PROCESS, REPLICATION CLIENT, SELECT"; + }; + }]; }; services.mysqlBackup = { enable = true; location = "/var/lib/mysql/backups"; }; + + networking.firewall.allowedTCPPorts = [ 3306 ]; } diff --git a/values.nix b/values.nix index ad4b414..f2a847d 100644 --- a/values.nix +++ b/values.nix @@ -10,6 +10,9 @@ in rec { postgres = { inherit (hosts.bicep) ipv4 ipv6; }; + mysql = { + inherit (hosts.bicep) ipv4 ipv6; + }; # Also on bicep turn = { ipv4 = pvv-ipv4 213;