services.mariadb: fix

2026-01-12 04:39:23 +08:00 · 2024-05-30 15:23:00 +08:00
parent 7aeb283101
commit e0bec05c59
2 changed files with 39 additions and 44 deletions
--- a/modules/services/mariadb.nix
+++ b/modules/services/mariadb.nix
@@ -2,7 +2,7 @@ inputs:
 {
  options.nixos.services.mariadb = let inherit (inputs.lib) mkOption types; in
  {
-    enable = mkOption { type = types.bool; default = false; };
+    enable = mkOption { type = types.bool; default = inputs.nixos.services.mariadb.instances != {}; };
    instances = mkOption
    {
      type = types.attrsOf (types.submodule (submoduleInputs: { options =
@@ -14,46 +14,46 @@ inputs:
      default = {};
    };
  };
-  config =
-    let
-      inherit (inputs.config.nixos.services) mariadb;
-      inherit (inputs.lib) mkAfter mkIf;
-      inherit (inputs.localLib) attrsToList;
-      inherit (builtins) map listToAttrs concatStringsSep filter;
-    in mkIf mariadb.enable
+  config = let inherit (inputs.config.nixos.services) mariadb; in inputs.lib.mkIf mariadb.enable
+  {
+    services =
    {
-      services =
+      mysql =
      {
-        mysql =
-        {
-          enable = true;
-          package = inputs.pkgs.mariadb;
-          settings.mysqld.skip_name_resolve = true;
-          ensureDatabases = map (db: db.value.database) (attrsToList mariadb.instances);
-          ensureUsers = map
-            (db: { name = db.value.user; ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES"; })
-            (attrsToList mariadb.instances);
-        };
-        mysqlBackup =
-        {
-          enable = true;
-          singleTransaction = true;
-          databases = map (db: db.value.database) (attrsToList mariadb.instances);
-        };
+        enable = true;
+        package = inputs.pkgs.mariadb;
+        settings.mysqld.skip_name_resolve = true;
+        ensureDatabases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList mariadb.instances);
+        ensureUsers = builtins.map
+          (db: { name = db.value.user; ensurePermissions."${db.value.database}.*" = "ALL PRIVILEGES"; })
+          (inputs.localLib.attrsToList mariadb.instances);
+      };
+      mysqlBackup =
+      {
+        enable = true;
+        singleTransaction = true;
+        databases = builtins.map (db: db.value.database) (inputs.localLib.attrsToList mariadb.instances);
      };
-      systemd.services.mysql.postStart = mkAfter (concatStringsSep "\n" (map
-        (db:
-          let
-            passwordFile =
-              if db.value.passwordFile or null != null then db.value.passwordFile
-              else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
-            mysql = "${inputs.config.services.mysql.package}/bin/mysql";
-          in
-            # force user use password auth
-            ''echo "ALTER USER '${db.value.user}' IDENTIFIED BY '$(cat ${passwordFile})';" | ${mysql} -N'')
-        (attrsToList mariadb.instances)));
-      sops.secrets = listToAttrs (map
-        (db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
-        (filter (db: db.value.passwordFile == null) (attrsToList mariadb.instances)));
    };
+    systemd.services.mysql.postStart = inputs.lib.mkAfter (builtins.concatStringsSep "\n" (builtins.map
+      (db:
+        let
+          passwordFile =
+            if db.value.passwordFile or null != null then db.value.passwordFile
+            else inputs.config.sops.secrets."mariadb/${db.value.user}".path;
+          mysql = "${inputs.config.services.mysql.package}/bin/mysql";
+        in
+          # force user use password auth
+          ''echo "ALTER USER '${db.value.user}' IDENTIFIED BY '$(cat ${passwordFile})';" | ${mysql} -N'')
+      (inputs.localLib.attrsToList mariadb.instances)));
+    sops.secrets = builtins.listToAttrs (builtins.map
+      (db: { name = "mariadb/${db.value.user}"; value.owner = inputs.config.users.users.mysql.name; })
+      (builtins.filter (db: db.value.passwordFile == null) (inputs.localLib.attrsToList mariadb.instances)));
+    environment.persistence =
+      let inherit (inputs.config.nixos.system) impermanence; in inputs.lib.mkIf impermanence.enable
+      {
+        "${impermanence.nodatacow}".directories = let user = "mysql"; in
+          [{ directory = "/var/lib/mysql"; inherit user; group = user; mode = "0750"; }];
+      };
+  };
 }
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@@ -67,11 +67,6 @@ inputs:
              if inputs.config.nixos.virtualization.kvmHost.enable then
                [{ directory = "/var/lib/libvirt/images"; mode = "0711"; }]
              else []
-            )
-            ++ (
-              if inputs.config.nixos.services.mariadb.enable then let user = inputs.config.users.users.mysql; in
-                [{ directory = "/var/lib/mysql"; user = user.name; group = user.group; mode = "0750"; }]
-              else []
            );
        };
      };