author | Alyssa Ross <hi@alyssa.is> | 2019-07-14 15:50:11 +0000 |
---|---|---|
committer | Alyssa Ross <hi@alyssa.is> | 2019-08-14 00:01:17 +0000 |
commit | 69a15dd2dc85051ba1436613805f9286850e0596 (patch) | |
tree | d53cec2bb5b8d07df1d1919b212cb2deb3628cd6 /nixpkgs/nixos/modules/services/databases | |
parent | 6941276da135c3eb3b50e0be33d92e7d01ccba9a (diff) | |
parent | beff2f8d75ef2c65017fb25e251337c6bb2e950d (diff) | |
Merge commit 'beff2f8d75ef2c65017fb25e251337c6bb2e950d'
v# modified: nixpkgs/pkgs/tools/networking/dhcpcd/default.nix
Diffstat (limited to 'nixpkgs/nixos/modules/services/databases')
5 files changed, 118 insertions, 144 deletions
diff --git a/nixpkgs/nixos/modules/services/databases/cassandra.nix b/nixpkgs/nixos/modules/services/databases/cassandra.nix index e2ea9fcda6b0..a9da3a3c5620 100644 --- a/nixpkgs/nixos/modules/services/databases/cassandra.nix +++ b/nixpkgs/nixos/modules/services/databases/cassandra.nix @@ -71,7 +71,7 @@ in { ''; clusterName = mkOption { type = types.str; - default = "NixOS Test Cluster"; + default = "Test Cluster"; description = '' The name of the cluster. This setting prevents nodes in one logical cluster from joining diff --git a/nixpkgs/nixos/modules/services/databases/firebird.nix b/nixpkgs/nixos/modules/services/databases/firebird.nix index cc81b440450b..042c9841df54 100644 --- a/nixpkgs/nixos/modules/services/databases/firebird.nix +++ b/nixpkgs/nixos/modules/services/databases/firebird.nix @@ -95,6 +95,11 @@ in environment.systemPackages = [cfg.package]; + systemd.tmpfiles.rules = [ + "d '${dataDir}' 0700 ${cfg.user} - - -" + "d '${systemDir}' 0700 ${cfg.user} - - -" + ]; + systemd.services.firebird = { description = "Firebird Super-Server"; @@ -104,21 +109,16 @@ in # is a better way preStart = '' - mkdir -m 0700 -p \ - "${dataDir}" \ - "${systemDir}" \ - /var/log/firebird - if ! test -e "${systemDir}/security2.fdb"; then cp ${firebird}/security2.fdb "${systemDir}" fi - chown -R ${cfg.user} "${dataDir}" "${systemDir}" /var/log/firebird chmod -R 700 "${dataDir}" "${systemDir}" /var/log/firebird ''; - serviceConfig.PermissionsStartOnly = true; # preStart must be run as root serviceConfig.User = cfg.user; + serviceConfig.LogsDirectory = "firebird"; + serviceConfig.LogsDirectoryMode = "0700"; serviceConfig.ExecStart = ''${firebird}/bin/fbserver -d''; # TODO think about shutdown diff --git a/nixpkgs/nixos/modules/services/databases/foundationdb.nix b/nixpkgs/nixos/modules/services/databases/foundationdb.nix index 490c5e9d005a..6182da5e7d65 100644 --- a/nixpkgs/nixos/modules/services/databases/foundationdb.nix 
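Review bot: The `chmod -R 700 "${dataDir}" "${systemDir}" /var/log/firebird` kept in preStart now runs as `cfg.user`, because this hunk removes both `PermissionsStartOnly` and the recursive `chown` that preceded it. The tmpfiles `d` rules added in the previous hunk adjust the two directories themselves, not files already inside them, so contents owned by a different account (for example after `cfg.user` is changed on an existing host) would presumably make the chmod fail and stop the unit from starting. A comment on the chmod stating that the tree is expected to belong to `cfg.user` already would help, and `chmod -R u=rwX,go=` would keep the same restriction without setting the execute bit on `security2.fdb` and the data files. The preStart string starts outside the hunk.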
+++ b/nixpkgs/nixos/modules/services/databases/foundationdb.nix @@ -359,6 +359,13 @@ in } ]; + systemd.tmpfiles.rules = [ + "d /etc/foundationdb 0755 ${cfg.user} ${cfg.group} - -" + "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -" + "d '${cfg.logDir}' 0770 ${cfg.user} ${cfg.group} - -" + "F '${cfg.pidFile}' - ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.foundationdb = { description = "FoundationDB Service"; @@ -396,25 +403,12 @@ in path = [ pkg pkgs.coreutils ]; preStart = '' - rm -f ${cfg.pidfile} && \ - touch ${cfg.pidfile} && \ - chown -R ${cfg.user}:${cfg.group} ${cfg.pidfile} - - for x in "${cfg.logDir}" "${cfg.dataDir}"; do - [ ! -d "$x" ] && mkdir -m 0770 -vp "$x"; - chown -R ${cfg.user}:${cfg.group} "$x"; - done - - [ ! -d /etc/foundationdb ] && \ - mkdir -m 0775 -vp /etc/foundationdb && \ - chown -R ${cfg.user}:${cfg.group} "/etc/foundationdb" - if [ ! -f /etc/foundationdb/fdb.cluster ]; then cf=/etc/foundationdb/fdb.cluster desc=$(tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c8) rand=$(tr -dc A-Za-z0-9 </dev/urandom 2>/dev/null | head -c8) echo ''${desc}:''${rand}@${initialIpAddr}:${builtins.toString cfg.listenPortStart} > $cf - chmod 0664 $cf && chown -R ${cfg.user}:${cfg.group} $cf + chmod 0664 $cf touch "${cfg.dataDir}/.first_startup" fi ''; diff --git a/nixpkgs/nixos/modules/services/databases/hbase.nix b/nixpkgs/nixos/modules/services/databases/hbase.nix index 52f2d95b4e00..589c8cf5ec80 100644 --- a/nixpkgs/nixos/modules/services/databases/hbase.nix +++ b/nixpkgs/nixos/modules/services/databases/hbase.nix @@ -94,6 +94,11 @@ in { config = mkIf config.services.hbase.enable { + systemd.tmpfiles.rules = [ + "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" + "d '${cfg.logDir}' - ${cfg.user} ${cfg.group} - -" + ]; + systemd.services.hbase = { description = "HBase Server"; wantedBy = [ "multi-user.target" ]; 
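Review bot: The new rule `"F '${cfg.pidFile}' - ${cfg.user} ${cfg.group} - -"` spells the option `pidFile`, while the preStart lines this commit removes from the same module read `cfg.pidfile`. The option declaration is not in the hunk, so one of the two spellings is probably wrong; if the option is declared as `pidfile`, evaluation would fail on the missing attribute once the module is enabled. Check the declaration and use the same name here, e.g. `"F '${cfg.pidfile}' - ${cfg.user} ${cfg.group} - -"`.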
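Review bot: `chmod 0664 $cf` is now the only permission step on the freshly written `fdb.cluster`, so its owner is whichever account runs preStart, and the hunk does not show whether that is root or `cfg.user`. If preStart still runs as root, the cluster file and `${cfg.dataDir}/.first_startup` end up root-owned inside directories the new tmpfiles rules hand to `cfg.user`, and the service account may be unable to update the cluster file. A comment above the `if` saying which account the script runs as would settle it; quoting `"$cf"` in the redirect and the chmod would also match the quoting already used for `cfg.dataDir`. The preStart string and the unit's serviceConfig lie outside the hunk.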
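Review bot: Both new rules pass `-` as the mode (`"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"`), which tmpfiles treats as the default of 0755 for directories, so the HBase data and log directories are readable by every local account. The firebird and foundationdb rules in this same commit set 0700 and 0770 explicitly. Unless something depends on world-readable access, an explicit mode such as `"d '${cfg.dataDir}' 0750 ${cfg.user} ${cfg.group} - -"` (and the same for `cfg.logDir`) would be consistent with them.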
@@ -103,19 +108,7 @@ in { HBASE_LOG_DIR = cfg.logDir; }; - preStart = - '' - mkdir -p ${cfg.dataDir}; - mkdir -p ${cfg.logDir}; - - if [ "$(id -u)" = 0 ]; then - chown ${cfg.user}:${cfg.group} ${cfg.dataDir} - chown ${cfg.user}:${cfg.group} ${cfg.logDir} - fi - ''; - serviceConfig = { - PermissionsStartOnly = true; User = cfg.user; Group = cfg.group; ExecStart = "${cfg.package}/bin/hbase --config ${configDir} master start"; diff --git a/nixpkgs/nixos/modules/services/databases/mysql.nix b/nixpkgs/nixos/modules/services/databases/mysql.nix index 66d55b650a45..df74cfc9a26b 100644 --- a/nixpkgs/nixos/modules/services/databases/mysql.nix +++ b/nixpkgs/nixos/modules/services/databases/mysql.nix @@ -204,12 +204,6 @@ in ''; }; - # FIXME: remove this option; it's a really bad idea. - rootPassword = mkOption { - default = null; - description = "Path to a file containing the root password, modified on the first startup. Not specifying a root password will leave the root password empty."; - }; - replication = { role = mkOption { type = types.enum [ "master" "slave" "none" ]; 
@@ -323,114 +317,107 @@ in RuntimeDirectoryMode = "0755"; # The last two environment variables are used for starting Galera clusters ExecStart = "${mysql}/bin/mysqld --defaults-file=/etc/my.cnf ${mysqldOptions} $_WSREP_NEW_CLUSTER $_WSREP_START_POSITION"; - }; - - postStart = - let - cmdWatchForMysqlSocket = '' - # Wait until the MySQL server is available for use - count=0 - while [ ! -e /run/mysqld/mysqld.sock ] - do - if [ $count -eq 30 ] - then - echo "Tried 30 times, giving up..." - exit 1 - fi - - echo "MySQL daemon not yet started. Waiting for 1 second..." - count=$((count++)) - sleep 1 - done - ''; - cmdInitialDatabases = concatMapStrings (database: '' - # Create initial databases - if ! test -e "${cfg.dataDir}/${database.name}"; then - echo "Creating initial database: ${database.name}" - ( echo 'create database `${database.name}`;' - - ${optionalString (database.schema != null) '' - echo 'use `${database.name}`;' - - # TODO: this silently falls through if database.schema does not exist, - # we should catch this somehow and exit, but can't do it here because we're in a subshell. - if [ -f "${database.schema}" ] - then - cat ${database.schema} - elif [ -d "${database.schema}" ] - then - cat ${database.schema}/mysql-databases/*.sql - fi - ''} + ExecStartPost = + let + setupScript = pkgs.writeScript "mysql-setup" '' + #!${pkgs.runtimeShell} -e + + ${optionalString (!hasNotify) '' + # Wait until the MySQL server is available for use + count=0 + while [ ! -e /run/mysqld/mysqld.sock ] + do + if [ $count -eq 30 ] + then + echo "Tried 30 times, giving up..." + exit 1 + fi + + echo "MySQL daemon not yet started. Waiting for 1 second..." + count=$((count++)) + sleep 1 + done + ''} + + if [ -f /tmp/mysql_init ] + then + ${concatMapStrings (database: '' + # Create initial databases + if ! 
test -e "${cfg.dataDir}/${database.name}"; then + echo "Creating initial database: ${database.name}" + ( echo 'create database `${database.name}`;' + + ${optionalString (database.schema != null) '' + echo 'use `${database.name}`;' + + # TODO: this silently falls through if database.schema does not exist, + # we should catch this somehow and exit, but can't do it here because we're in a subshell. + if [ -f "${database.schema}" ] + then + cat ${database.schema} + elif [ -d "${database.schema}" ] + then + cat ${database.schema}/mysql-databases/*.sql + fi + ''} + ) | ${mysql}/bin/mysql -u root -N + fi + '') cfg.initialDatabases} + + ${optionalString (cfg.replication.role == "master") + '' + # Set up the replication master + + ( echo "use mysql;" + echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;" + echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');" + echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';" + ) | ${mysql}/bin/mysql -u root -N + ''} + + ${optionalString (cfg.replication.role == "slave") + '' + # Set up the replication slave + + ( echo "stop slave;" + echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" + echo "start slave;" + ) | ${mysql}/bin/mysql -u root -N + ''} + + ${optionalString (cfg.initialScript != null) + '' + # Execute initial script + # using toString to avoid copying the file to nix store if given as path instead of string, + # as it might contain credentials + cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N + ''} + + rm /tmp/mysql_init + fi + + ${optionalString (cfg.ensureDatabases != []) '' + ( + ${concatMapStrings (database: '' + echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;" + '') cfg.ensureDatabases} 
) | ${mysql}/bin/mysql -u root -N - fi - '') cfg.initialDatabases; - in - - lib.optionalString (!hasNotify) cmdWatchForMysqlSocket + '' - if [ -f /tmp/mysql_init ] - then - ${cmdInitialDatabases} - ${optionalString (cfg.replication.role == "master") - '' - # Set up the replication master - - ( echo "use mysql;" - echo "CREATE USER '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' IDENTIFIED WITH mysql_native_password;" - echo "SET PASSWORD FOR '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}' = PASSWORD('${cfg.replication.masterPassword}');" - echo "GRANT REPLICATION SLAVE ON *.* TO '${cfg.replication.masterUser}'@'${cfg.replication.slaveHost}';" - ) | ${mysql}/bin/mysql -u root -N - ''} + ''} - ${optionalString (cfg.replication.role == "slave") + ${concatMapStrings (user: '' - # Set up the replication slave - - ( echo "stop slave;" - echo "change master to master_host='${cfg.replication.masterHost}', master_user='${cfg.replication.masterUser}', master_password='${cfg.replication.masterPassword}';" - echo "start slave;" + ( echo "CREATE USER IF NOT EXISTS '${user.name}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" + ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' + echo "GRANT ${permission} ON ${database} TO '${user.name}'@'localhost';" + '') user.ensurePermissions)} ) | ${mysql}/bin/mysql -u root -N - ''} - - ${optionalString (cfg.initialScript != null) - '' - # Execute initial script - # using toString to avoid copying the file to nix store if given as path instead of string, - # as it might contain credentials - cat ${toString cfg.initialScript} | ${mysql}/bin/mysql -u root -N - ''} - - ${optionalString (cfg.rootPassword != null) - '' - # Change root password - - ( echo "use mysql;" - echo "update user set Password=password('$(cat ${cfg.rootPassword})') where User='root';" - echo "flush privileges;" - ) | ${mysql}/bin/mysql -u root -N - ''} - - rm /tmp/mysql_init - fi - - 
${optionalString (cfg.ensureDatabases != []) '' - ( - ${concatMapStrings (database: '' - echo "CREATE DATABASE IF NOT EXISTS \`${database}\`;" - '') cfg.ensureDatabases} - ) | ${mysql}/bin/mysql -u root -N - ''} - - ${concatMapStrings (user: - '' - ( echo "CREATE USER IF NOT EXISTS '${user.name}'@'localhost' IDENTIFIED WITH ${if isMariaDB then "unix_socket" else "auth_socket"};" - ${concatStringsSep "\n" (mapAttrsToList (database: permission: '' - echo "GRANT ${permission} ON ${database} TO '${user.name}'@'localhost';" - '') user.ensurePermissions)} - ) | ${mysql}/bin/mysql -u root -N - '') cfg.ensureUsers} - - ''; # */ + '') cfg.ensureUsers} + ''; + in + # ensureDatbases & ensureUsers depends on this script being run as root + # when the user has secured their mysql install + "+${setupScript}"; + }; }; }; |
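Review bot: The `if [ -f /tmp/mysql_init ]` guard is now evaluated by a script that runs as root (the `+` prefix on `"+${setupScript}"`), yet the marker lives in /tmp, which is shared with every local account unless the unit sets `PrivateTmp` (not visible here). The first-run marker that gates the replication setup and `initialScript` should sit in a directory only the service controls, e.g. under `/run/mysqld` or `cfg.dataDir`; this hunk shows the path only where it is tested and removed, so the code that creates it needs the same change. Separately, `count=$((count++))` assigns the pre-increment value back, so `count` stays 0 and the 30-attempt limit never triggers; `count=$((count + 1))` fixes that. The comment above `"+${setupScript}"` has a typo, `ensureDatbases`. The enclosing serviceConfig block starts outside the hunk.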