Projects/mysqladm-rs
12
2
Fork 0
Code Issues 44 Pull Requests Actions Packages Releases Activity

module.nix: default runtimedir to /run, improve systemd unit

Browse Source
This commit is contained in:
Oystein Kristoffer Tveit
2025-11-09 20:14:48 +09:00
parent 968c71ba79
commit 45fbec1ad4
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
nix/module.nix
View File

@@ -37,7 +37,7 @@ in
server = { server = {
socket_path = lib.mkOption { socket_path = lib.mkOption {
type = lib.types.path; type = lib.types.path;
default = "/var/run/mysqladm/mysqladm.sock"; default = "/run/mysqladm/mysqladm.sock";
description = "Path to the MySQL socket"; description = "Path to the MySQL socket";
}; };
}; };
@@ -45,7 +45,7 @@ in
mysql = { mysql = {
socket_path = lib.mkOption { socket_path = lib.mkOption {
type = with lib.types; nullOr path; type = with lib.types; nullOr path;
default = "/var/run/mysqld/mysqld.sock"; default = "/run/mysqld/mysqld.sock";
description = "Path to the MySQL socket"; description = "Path to the MySQL socket";
}; };
host = lib.mkOption { host = lib.mkOption {
@@ -104,10 +104,11 @@ in
WatchdogSec = 15; WatchdogSec = 15;
User = "mysqladm";
Group = "mysqladm";
DynamicUser = true; DynamicUser = true;
ConfigurationDirectory = "mysqladm";
RuntimeDirectory = "mysqladm";
# This is required to read unix user/group details. # This is required to read unix user/group details.
PrivateUsers = false; PrivateUsers = false;
@@ -132,7 +133,7 @@ in
PrivateTmp = "yes"; PrivateTmp = "yes";
ProcSubset = "pid"; ProcSubset = "pid";
ProtectClock = true; ProtectClock = true;
ProtectControlGroups = true; ProtectControlGroups = "strict";
ProtectHome = true; ProtectHome = true;
ProtectHostname = true; ProtectHostname = true;
ProtectKernelLogs = true; ProtectKernelLogs = true;