From 5b7eafd7ca488e3de4d0823738a685a4f196f51e Mon Sep 17 00:00:00 2001 From: h7x4 Date: Mon, 19 Aug 2024 00:19:17 +0200 Subject: [PATCH] WIP --- example-config.toml | 3 ++ flake.nix | 7 ++- nix/module.nix | 108 ++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 117 insertions(+), 1 deletion(-) create mode 100644 nix/module.nix diff --git a/example-config.toml b/example-config.toml index 2d3200e..76cdc5f 100644 --- a/example-config.toml +++ b/example-config.toml @@ -1,5 +1,8 @@ # This should go to `/etc/mysqladm/config.toml` +[server] +socket_path = "/var/run/mysqladm/mysqladm.sock" + [mysql] host = "localhost" port = 3306 diff --git a/flake.nix b/flake.nix index c0728ed..79066e0 100644 --- a/flake.nix +++ b/flake.nix @@ -52,11 +52,16 @@ overlays = { default = self.overlays.mysqladm-rs; - greg-ng = final: prev: { + mysqladm-rs = final: prev: { inherit (self.packages.${prev.system}) mysqladm-rs; }; }; + nixosModules = { + default = self.nixosModules.mysqladm-rs; + mysqladm-rs = import ./nix/module.nix; + }; + packages = let cargoToml = builtins.fromTOML (builtins.readFile ./Cargo.toml); cargoLock = ./Cargo.lock; diff --git a/nix/module.nix b/nix/module.nix new file mode 100644 index 0000000..3ef5007 --- /dev/null +++ b/nix/module.nix 
@@ -0,0 +1,108 @@ +{ config, pkgs, lib, ... }: +let + cfg = config.services.mysqladm-rs; + format = pkgs.formats.toml { }; +in +{ + options.services.mysqladm-rs = { + enable = lib.mkEnableOption "Enable mysqladm-rs"; + + package = lib.mkPackageOption pkgs "mysqladm-rs" { }; + + createLocalUser = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Create a local database user for mysqladm-rs"; + }; + + settings = lib.mkOption { + default = { }; + type = lib.types.submodule { + freeformType = format.type; + options = { + server = { + socket_path = lib.mkOption { + type = lib.types.path; + default = "/var/run/mysqladm/mysqladm.sock"; + description = "Path to the MySQL socket"; + }; + }; + + mysql = { + host = lib.mkOption { + type = lib.types.str; + default = "localhost"; + description = "MySQL host"; + }; + port = lib.mkOption { + type = lib.types.int; + default = 3306; + description = "MySQL port"; + }; + username = lib.mkOption { + type = lib.types.str; + default = "root"; + description = "MySQL username"; + }; + # passwordFile = lib.mkOption { + # type = lib.types.path; + # default = "secret"; + # description = "Path to a file containing the MySQL password"; + # }; + password = lib.mkOption { + type = lib.types.str; + default = "secret"; + description = "MySQL password"; + }; + timeout = lib.mkOption { + type = lib.types.int; + default = 2; + description = "Number of seconds to wait for a response from the MySQL server"; + }; + }; + }; + }; + }; + }; + + config = let + configFile = format.generate "mysqladm-rs.conf" cfg.settings; + in lib.mkIf config.services.mysqladm-rs.enable { + environment.systemPackages = [ cfg.package ]; + + services.mysql.ensureUsers = lib.mkIf cfg.createLocalUser [ + { + name = "mysqladm"; + ensurePermissions = { + "mysql.*" = "SELECT, INSERT, UPDATE, DELETE"; + "information_schema.*" = "SELECT"; + "*.*" = "CREATE USER, GRANT OPTION"; + }; + } + ]; + + systemd.services."mysqladm@" = { + description = "MySQL 
administration tool for non-admin users"; + # after = [ "mysql.target" ]; + environment.RUST_LOG = "debug"; + serviceConfig = { + Type = "notify"; + ExecStart = "${lib.getExe cfg.package} server socket-activate --config ${configFile}"; + User = "mysqladm"; + Group = "mysqladm"; + DynamicUser = true; + }; + }; + + systemd.sockets."mysqladm" = { + description = "MySQL administration tool for non-admin users"; + wantedBy = [ "sockets.target" ]; + restartTriggers = [ configFile ]; + socketConfig = { + ListenStream = cfg.settings.server.socket_path; + Accept = "yes"; + PassCredentials = true; + }; + }; + }; +} \ No newline at end of file
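Review bot: `settings.mysql.password` (a `lib.types.str` defaulting to `"secret"`) is rendered into `configFile` by `format.generate`, so the MySQL credentials — for the `root` account by default — land in the world-readable Nix store. The commented-out `passwordFile` option is the right direction: accept a path outside the store and hand it to the unit via `serviceConfig.LoadCredential`, assuming the `server socket-activate` binary can read the password from `$CREDENTIALS_DIRECTORY` rather than only from the TOML; if it cannot, a runtime substitution into a file under `RuntimeDirectory` is the usual fallback. Until that lands, the option description should state the exposure, e.g. `description = "MySQL password. Written to the world-readable Nix store; use a secret kept outside the store instead.";`. Relatedly, `createLocalUser` provisions a MySQL account named `mysqladm` (socket-authenticated via `ensureUsers`) while `settings.mysql.username` still defaults to `root`, so enabling it alone presumably does not switch the service to that account — worth documenting the expected pairing or defaulting `username` accordingly. Finally, `environment.RUST_LOG = "debug"` is hard-coded for a service handling database credentials; a `logLevel` option defaulting to `"info"` would avoid shipping verbose request logging to the journal on every deployment.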