mysqladm-rs/nix/module.nix

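# NixOS module for mysqladm-rs.
#
# Declares `services.mysqladm-rs.*`, renders `settings` to a TOML file, and
# wires up a socket-activated systemd service (`mysqladm.socket` accepting
# connections and spawning `mysqladm@.service` instances).
#
# Security notes for operators:
#   * `settings` (including `settings.mysql.password`) is rendered with
#     `format.generate`, so the resulting file lives in the Nix store, which
#     is readable by every local user. Do not put a real secret there.
#   * The default MySQL credentials are `root` / `secret`; override them.
{ config, pkgs, lib, ... }:
let
  cfg = config.services.mysqladm-rs;
  format = pkgs.formats.toml { };
in
{
  options.services.mysqladm-rs = {
    # mkEnableOption already prefixes the text with "Whether to enable",
    # so only the service name is passed here.
    enable = lib.mkEnableOption "mysqladm-rs";

    package = lib.mkPackageOption pkgs "mysqladm-rs" { };

    createLocalUser = lib.mkOption {
      type = lib.types.bool;
      default = false;
      description = "Create a local database user for mysqladm-rs";
    };

    settings = lib.mkOption {
      default = { };
      # Free-form TOML: keys not declared below are passed through unchanged.
      type = lib.types.submodule {
        freeformType = format.type;
        options = {
          server = {
            # This is the path systemd listens on (see ListenStream below),
            # i.e. the mysqladm server socket, not the MySQL server's socket.
            socket_path = lib.mkOption {
              type = lib.types.path;
              default = "/var/run/mysqladm/mysqladm.sock";
              description = "Path to the unix socket the mysqladm server listens on";
            };
          };

          mysql = {
            host = lib.mkOption {
              type = lib.types.str;
              default = "localhost";
              description = "MySQL host";
            };

            port = lib.mkOption {
              type = lib.types.int;
              default = 3306;
              description = "MySQL port";
            };

            username = lib.mkOption {
              type = lib.types.str;
              default = "root";
              description = "MySQL username";
            };

            # TODO: a file-based secret option is sketched here but disabled.
            # Until something like it exists, the password below is the only
            # way to configure the credential through this module.
            # passwordFile = lib.mkOption {
            #   type = lib.types.path;
            #   default = "secret";
            #   description = "Path to a file containing the MySQL password";
            # };

            # WARNING: this string is embedded in the generated config file in
            # the world-readable Nix store. The default is a placeholder and
            # is kept only for backward compatibility.
            password = lib.mkOption {
              type = lib.types.str;
              default = "secret";
              description = ''
                MySQL password.

                Warning: this value is written in plain text to the generated
                configuration file in the Nix store, which is readable by all
                local users. Change the default before use.
              '';
            };

            timeout = lib.mkOption {
              type = lib.types.int;
              default = 2;
              description = "Number of seconds to wait for a response from the MySQL server";
            };
          };
        };
      };
    };
  };

  config =
    let
      # Rendered into the Nix store; contains every value under `settings`,
      # including the MySQL password.
      configFile = format.generate "mysqladm-rs.conf" cfg.settings;
    in
    lib.mkIf cfg.enable {
      environment.systemPackages = [ cfg.package ];

      # Broad grants: write access to the `mysql` system schema together with
      # global CREATE USER / GRANT OPTION makes this account effectively
      # administrative. Treat a compromise of the service as a compromise of
      # the database server.
      # NOTE(review): enabling this does not change `settings.mysql.username`,
      # which still defaults to "root" - confirm which account the server
      # actually connects as.
      services.mysql.ensureUsers = lib.mkIf cfg.createLocalUser [
        {
          name = "mysqladm";
          ensurePermissions = {
            "mysql.*" = "SELECT, INSERT, UPDATE, DELETE";
            "information_schema.*" = "SELECT";
            "*.*" = "CREATE USER, GRANT OPTION";
          };
        }
      ];

      # Template unit: one instance is started per accepted connection
      # (the socket unit below sets Accept = "yes").
      systemd.services."mysqladm@" = {
        description = "MySQL administration tool for non-admin users";
        # after = [ "mysql.target" ];

        # mkDefault keeps "debug" as the effective value but lets a host
        # configuration lower the verbosity without mkForce.
        # NOTE(review): whether debug output can include credentials or
        # statement contents is not visible from this module - check before
        # running this level in production.
        environment.RUST_LOG = lib.mkDefault "debug";

        serviceConfig = {
          Type = "notify";
          ExecStart = "${lib.getExe cfg.package} server socket-activate --config ${configFile}";
          User = "mysqladm";
          Group = "mysqladm";
          DynamicUser = true;
        };
      };

      systemd.sockets."mysqladm" = {
        description = "MySQL administration tool for non-admin users";
        wantedBy = [ "sockets.target" ];
        restartTriggers = [ configFile ];
        socketConfig = {
          # No SocketMode is set, so systemd's default (0666) applies and any
          # local user can connect. PassCredentials hands the peer's
          # credentials to the service; presumably the server authorizes each
          # caller from them - verify, since that check is the only access
          # control on this socket.
          ListenStream = cfg.settings.server.socket_path;
          Accept = "yes";
          PassCredentials = true;
        };
      };
    };
}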