From 998e66db650d98f78b373b3854355a436651c1b7 Mon Sep 17 00:00:00 2001
From: oysteikt <oysteikt@pvv.ntnu.no>
Date: Sun, 9 Jul 2023 23:45:32 +0200
Subject: [PATCH] bicep: enable mysql

---
 hosts/bicep/configuration.nix  |  1 +
 hosts/bicep/services/mysql.nix | 11 +++++++++++
 values.nix                     |  3 +++
 3 files changed, 15 insertions(+)

diff --git a/hosts/bicep/configuration.nix b/hosts/bicep/configuration.nix
index a25c154f..f333cf29 100644
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -9,6 +9,7 @@
 
     ./services/mysql.nix
     ./services/postgres.nix
+    ./services/mysql.nix
 
     ./services/matrix
   ];
diff --git a/hosts/bicep/services/mysql.nix b/hosts/bicep/services/mysql.nix
index 0d7cc1ba..01198b7b 100644
--- a/hosts/bicep/services/mysql.nix
+++ b/hosts/bicep/services/mysql.nix
@@ -10,10 +10,21 @@
         max_connect_errors = 10000;
       };
     };
+
+    # Note: This user also has MAX_USER_CONNECTIONS set to 3, and
+    #       a password which can be found in /secrets/ildkule/ildkule.yaml
+    ensureUsers = [{
+      name = "prometheus_mysqld_exporter";
+      ensurePermissions = {
+	"*.*" = "PROCESS, REPLICATION CLIENT, SELECT";
+      };
+    }];
   };
 
   services.mysqlBackup = {
     enable = true;
     location = "/var/lib/mysql/backups";
   };
+
+  networking.firewall.allowedTCPPorts = [ 3306 ];
 }
diff --git a/values.nix b/values.nix
index ad4b4141..f2a847d3 100644
--- a/values.nix
+++ b/values.nix
@@ -10,6 +10,9 @@ in rec {
     postgres = {
       inherit (hosts.bicep) ipv4 ipv6;
     };
+    mysql = {
+      inherit (hosts.bicep) ipv4 ipv6;
+    };
     # Also on bicep
     turn = {
       ipv4 = pvv-ipv4 213;