Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat: add amzebs-01 host

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2025-11-14 20:06:01 +01:00
parent 865311bf49
commit 20c5af7a69
11 changed files with 228 additions and 207 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
hosts/amzebs-01/modules/mysql.nix
View File

@@ -13,17 +13,31 @@
bind-address = "0.0.0.0";
};
};
};
# Create read-only user for remote access on initial MySQL setup
initialScript = pkgs.writeShellScript "mysql-init.sql" ''
# Create read-only user for remote access after MySQL starts
systemd.services.mysql-setup-readonly-user = {
description = "Setup MySQL read-only user";
after = [ "mysql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
User = "root";
};
script = ''
PASSWORD=$(cat ${config.sops.secrets.mysql-readonly-password.path})
${pkgs.mariadb}/bin/mysql -u root <<EOF
CREATE USER IF NOT EXISTS 'api_ebs_amz_at_ro'@'%' IDENTIFIED BY '$PASSWORD';
GRANT SELECT ON api_ebs_amz_at.* TO 'api_ebs_amz_at_ro'@'%';
FLUSH PRIVILEGES;
EOF
CREATE USER IF NOT EXISTS 'api_ebs_amz_at_ro'@'%' IDENTIFIED BY '$PASSWORD';
GRANT SELECT ON api_ebs_amz_at.* TO 'api_ebs_amz_at_ro'@'%';
FLUSH PRIVILEGES;
EOF
'';
};
services.mysqlBackup.enable = true;
sops.secrets.mysql-readonly-password = {
owner = "mysql";
};
}