diff options
author | Alyssa Ross <hi@alyssa.is> | 2019-04-14 17:50:16 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-04-14 17:50:16 +0000 |
commit | 439ebf093f2779d73bc76484a36be2889cc807bf (patch) | |
tree | 7dd3b84fb345c228165c2dae6c7cdd54b433db9e /nixpkgs/nixos/modules/services/databases | |
parent | d7417c2c1096b13fe903af802c7cf019fca14a7b (diff) | |
parent | 0c0954781e257b8b0dc49341795a2fe7d96945a3 (diff) | |
download | nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.tar nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.tar.gz nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.tar.bz2 nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.tar.lz nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.tar.xz nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.tar.zst nixlib-439ebf093f2779d73bc76484a36be2889cc807bf.zip |
Merge commit '0c0954781e257b8b0dc49341795a2fe7d96945a3'
Diffstat (limited to 'nixpkgs/nixos/modules/services/databases')
-rw-r--r-- | nixpkgs/nixos/modules/services/databases/mysql.nix | 82 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/databases/openldap.nix | 94 | ||||
-rw-r--r-- | nixpkgs/nixos/modules/services/databases/postgresql.nix | 1 |
3 files changed, 162 insertions, 15 deletions
diff --git a/nixpkgs/nixos/modules/services/databases/mysql.nix b/nixpkgs/nixos/modules/services/databases/mysql.nix index 467feb09b3a3..89291d4438ff 100644 --- a/nixpkgs/nixos/modules/services/databases/mysql.nix +++ b/nixpkgs/nixos/modules/services/databases/mysql.nix @@ -103,6 +103,24 @@ in }; initialDatabases = mkOption { + type = types.listOf (types.submodule { + options = { + name = mkOption { + type = types.str; + description = '' + The name of the database to create. + ''; + }; + schema = mkOption { + type = types.nullOr types.path; + default = null; + description = '' + The initial schema of the database; if null (the default), + an empty database is created. + ''; + }; + }; + }); default = []; description = '' List of database names and their initial schemas that should be used to create databases on the first startup @@ -115,11 +133,13 @@ in }; initialScript = mkOption { + type = types.nullOr types.lines; default = null; description = "A file containing SQL statements to be executed on the first startup. Can be used for granting certain permissions on the database"; }; ensureDatabases = mkOption { + type = types.listOf types.str; default = []; description = '' Ensures that the specified databases exist. @@ -134,6 +154,38 @@ in }; ensureUsers = mkOption { + type = types.listOf (types.submodule { + options = { + name = mkOption { + type = types.str; + description = '' + Name of the user to ensure. + ''; + }; + ensurePermissions = mkOption { + type = types.attrsOf types.str; + default = {}; + description = '' + Permissions to ensure for the user, specified as attribute set. + The attribute names specify the database and tables to grant the permissions for, + separated by a dot. You may use wildcards here. + The attribute values specfiy the permissions to grant. + You may specify one or multiple comma-separated SQL privileges here. + + For more information on how to specify the target + and on which privileges exist, see the + <link xlink:href="https://mariadb.com/kb/en/library/grant/">GRANT syntax</link>. + The attributes are used as <code>GRANT ''${attrName} ON ''${attrValue}</code>. + ''; + example = literalExample '' + { + "database.*" = "ALL PRIVILEGES"; + "*.*" = "SELECT, LOCK TABLES"; + } + ''; + }; + }; + }); default = []; description = '' Ensures that the specified users exist and have at least the ensured permissions. @@ -143,20 +195,22 @@ in option is changed. This means that users created and permissions assigned once through this option or otherwise have to be removed manually. ''; - example = literalExample ''[ - { - name = "nextcloud"; - ensurePermissions = { - "nextcloud.*" = "ALL PRIVILEGES"; - }; - } - { - name = "backup"; - ensurePermissions = { - "*.*" = "SELECT, LOCK TABLES"; - }; - } - ]''; + example = literalExample '' + [ + { + name = "nextcloud"; + ensurePermissions = { + "nextcloud.*" = "ALL PRIVILEGES"; + }; + } + { + name = "backup"; + ensurePermissions = { + "*.*" = "SELECT, LOCK TABLES"; + }; + } + ] + ''; }; # FIXME: remove this option; it's a really bad idea. diff --git a/nixpkgs/nixos/modules/services/databases/openldap.nix b/nixpkgs/nixos/modules/services/databases/openldap.nix index 5c302752781e..bb658918cb0d 100644 --- a/nixpkgs/nixos/modules/services/databases/openldap.nix +++ b/nixpkgs/nixos/modules/services/databases/openldap.nix @@ -8,7 +8,20 @@ let openldap = pkgs.openldap; dataFile = pkgs.writeText "ldap-contents.ldif" cfg.declarativeContents; - configFile = pkgs.writeText "slapd.conf" cfg.extraConfig; + configFile = pkgs.writeText "slapd.conf" ((optionalString cfg.defaultSchemas '' + include ${pkgs.openldap.out}/etc/schema/core.schema + include ${pkgs.openldap.out}/etc/schema/cosine.schema + include ${pkgs.openldap.out}/etc/schema/inetorgperson.schema + include ${pkgs.openldap.out}/etc/schema/nis.schema + '') + '' + ${cfg.extraConfig} + database ${cfg.database} + suffix ${cfg.suffix} + rootdn ${cfg.rootdn} + rootpw ${cfg.rootpw} + directory ${cfg.dataDir} + ${cfg.extraDatabaseConfig} + ''); configOpts = if cfg.configDir == null then "-f ${configFile}" else "-F ${cfg.configDir}"; in @@ -54,6 +67,52 @@ in description = "The database directory."; }; + defaultSchemas = mkOption { + type = types.bool; + default = true; + description = '' + Include the default schemas core, cosine, inetorgperson and nis. + This setting will be ignored if configDir is set. + ''; + }; + + database = mkOption { + type = types.str; + default = "mdb"; + description = '' + Database type to use for the LDAP. + This setting will be ignored if configDir is set. + ''; + }; + + suffix = mkOption { + type = types.str; + example = "dc=example,dc=org"; + description = '' + Specify the DN suffix of queries that will be passed to this backend + database. + This setting will be ignored if configDir is set. + ''; + }; + + rootdn = mkOption { + type = types.str; + example = "cn=admin,dc=example,dc=org"; + description = '' + Specify the distinguished name that is not subject to access control + or administrative limit restrictions for operations on this database. + This setting will be ignored if configDir is set. + ''; + }; + + rootpw = mkOption { + type = types.str; + description = '' + Password for the root user. + This setting will be ignored if configDir is set. + ''; + }; + logLevel = mkOption { type = types.str; default = "0"; @@ -118,6 +177,39 @@ in # ... ''; }; + + extraDatabaseConfig = mkOption { + type = types.lines; + default = ""; + description = '' + slapd.conf configuration after the database option. + This setting will be ignored if configDir is set. + ''; + example = '' + # Indices to maintain for this directory + # unique id so equality match only + index uid eq + # allows general searching on commonname, givenname and email + index cn,gn,mail eq,sub + # allows multiple variants on surname searching + index sn eq,sub + # sub above includes subintial,subany,subfinal + # optimise department searches + index ou eq + # if searches will include objectClass uncomment following + # index objectClass eq + # shows use of default index parameter + index default eq,sub + # indices missing - uses default eq,sub + index telephonenumber + + # other database parameters + # read more in slapd.conf reference section + cachesize 10000 + checkpoint 128 15 + ''; + }; + }; }; diff --git a/nixpkgs/nixos/modules/services/databases/postgresql.nix b/nixpkgs/nixos/modules/services/databases/postgresql.nix index aeab445a9983..87b236dd5fd1 100644 --- a/nixpkgs/nixos/modules/services/databases/postgresql.nix +++ b/nixpkgs/nixos/modules/services/databases/postgresql.nix @@ -238,6 +238,7 @@ in User = "postgres"; Group = "postgres"; PermissionsStartOnly = true; + RuntimeDirectory = "postgresql"; Type = if lib.versionAtLeast cfg.package.version "9.6" then "notify" else "simple"; |