init
This commit is contained in:
commit
642869ce9b
27 changed files with 1414 additions and 0 deletions
123
modules/wiki-primary/mysql.nix
Normal file
123
modules/wiki-primary/mysql.nix
Normal file
|
|
@ -0,0 +1,123 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
siteConfig,
|
||||
...
|
||||
}:
|
||||
let
|
||||
dbName = siteConfig.database.name;
|
||||
wikiUser = siteConfig.database.mediawikiUser;
|
||||
replicationUser = siteConfig.database.replicationUser;
|
||||
mysqlCli = "${pkgs.mariadb}/bin/mysql -u root";
|
||||
bootstrapSql = pkgs.writeText "mysql-bootstrap.sql" ''
|
||||
SET @wiki_pass = FROM_BASE64('$wiki_pass_b64');
|
||||
SET @repl_pass = FROM_BASE64('$repl_pass_b64');
|
||||
|
||||
CREATE DATABASE IF NOT EXISTS \`${dbName}\`;
|
||||
|
||||
SET @create_wiki_user = CONCAT(
|
||||
"CREATE USER IF NOT EXISTS '${wikiUser}'@'localhost' IDENTIFIED BY ",
|
||||
QUOTE(@wiki_pass)
|
||||
);
|
||||
PREPARE stmt FROM @create_wiki_user;
|
||||
EXECUTE stmt;
|
||||
DEALLOCATE PREPARE stmt;
|
||||
|
||||
SET @alter_wiki_user = CONCAT(
|
||||
"ALTER USER '${wikiUser}'@'localhost' IDENTIFIED BY ",
|
||||
QUOTE(@wiki_pass)
|
||||
);
|
||||
PREPARE stmt FROM @alter_wiki_user;
|
||||
EXECUTE stmt;
|
||||
DEALLOCATE PREPARE stmt;
|
||||
|
||||
GRANT ALL PRIVILEGES ON \`${dbName}\`.* TO '${wikiUser}'@'localhost';
|
||||
|
||||
SET @create_repl_user = CONCAT(
|
||||
"CREATE USER IF NOT EXISTS '${replicationUser}'@'%' IDENTIFIED BY ",
|
||||
QUOTE(@repl_pass)
|
||||
);
|
||||
PREPARE stmt FROM @create_repl_user;
|
||||
EXECUTE stmt;
|
||||
DEALLOCATE PREPARE stmt;
|
||||
|
||||
SET @alter_repl_user = CONCAT(
|
||||
"ALTER USER '${replicationUser}'@'%' IDENTIFIED BY ",
|
||||
QUOTE(@repl_pass)
|
||||
);
|
||||
PREPARE stmt FROM @alter_repl_user;
|
||||
EXECUTE stmt;
|
||||
DEALLOCATE PREPARE stmt;
|
||||
|
||||
GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO '${replicationUser}'@'%';
|
||||
FLUSH PRIVILEGES;
|
||||
'';
|
||||
in
|
||||
{
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
|
||||
settings.mysqld = {
|
||||
bind-address = "0.0.0.0";
|
||||
server-id = 1;
|
||||
log_bin = "mysql-bin";
|
||||
log_slave_updates = 1;
|
||||
binlog_format = "ROW";
|
||||
gtid_strict_mode = 1;
|
||||
innodb_file_per_table = 1;
|
||||
innodb_buffer_pool_size = "4G";
|
||||
innodb_log_file_size = "512M";
|
||||
innodb_flush_method = "O_DIRECT";
|
||||
innodb_flush_neighbors = 0;
|
||||
innodb_io_capacity = 1000;
|
||||
innodb_io_capacity_max = 2000;
|
||||
max_connections = 80;
|
||||
thread_cache_size = 100;
|
||||
table_open_cache = 4000;
|
||||
tmp_table_size = "64M";
|
||||
max_heap_table_size = "64M";
|
||||
performance_schema = true;
|
||||
slow_query_log = 1;
|
||||
long_query_time = 1;
|
||||
skip_name_resolve = 1;
|
||||
};
|
||||
};
|
||||
|
||||
age.secrets.mysql-replication = {
|
||||
file = ../../secrets/mysql-replication.age;
|
||||
owner = "mysql";
|
||||
group = "mysql";
|
||||
mode = "0400";
|
||||
};
|
||||
|
||||
systemd.services.mysql-bootstrap = {
|
||||
description = "Create MediaWiki database and users";
|
||||
after = [ "mysql.service" ];
|
||||
requires = [ "mysql.service" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = ''
|
||||
set -euo pipefail
|
||||
|
||||
read_secret_b64() {
|
||||
tr -d '\n' < "$1" | base64 -w0
|
||||
}
|
||||
|
||||
wiki_pass_b64="$(read_secret_b64 ${config.age.secrets.mysql-mediawiki.path})"
|
||||
repl_pass_b64="$(read_secret_b64 ${config.age.secrets.mysql-replication.path})"
|
||||
|
||||
${mysqlCli} <<SQL
|
||||
$(< ${bootstrapSql})
|
||||
SQL
|
||||
'';
|
||||
};
|
||||
|
||||
systemd.services.mediawiki-init = {
|
||||
after = [ "mysql-bootstrap.service" ];
|
||||
requires = [ "mysql-bootstrap.service" ];
|
||||
};
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue