nixfmt

2026-02-21 09:27:51 +01:00 · 2026-02-20 18:12:39 +01:00
parent eedb94b998
commit 54a6b687dd
127 changed files with 3804 additions and 2402 deletions
--- a/hosts/bicep/services/mysql/backup.nix
+++ b/hosts/bicep/services/mysql/backup.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, values, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  values,
+  ...
+}:
 let
  cfg = config.services.mysql;
  backupDir = "/data/mysql-backups";
@@ -10,10 +16,10 @@ in
  # };

  systemd.tmpfiles.settings."10-mysql-backups".${backupDir}.d = {
-	  user = "mysql";
-	  group = "mysql";
-	  mode = "700";
-	};
+    user = "mysql";
+    group = "mysql";
+    mode = "700";
+  };

  services.rsync-pull-targets = lib.mkIf cfg.enable {
    enable = true;
@@ -44,23 +50,25 @@ in
      zstd
    ];

-    script = let
-      rotations = 2;
-    in ''
-      set -euo pipefail
+    script =
+      let
+        rotations = 2;
+      in
+      ''
+        set -euo pipefail

-      OUT_FILE="$STATE_DIRECTORY/mysql-dump-$(date --iso-8601).sql.zst"
+        OUT_FILE="$STATE_DIRECTORY/mysql-dump-$(date --iso-8601).sql.zst"

-      mysqldump --all-databases | zstd --compress -9 --rsyncable -o "$OUT_FILE"
+        mysqldump --all-databases | zstd --compress -9 --rsyncable -o "$OUT_FILE"

-      # NOTE: this needs to be a hardlink for rrsync to allow sending it
-      rm "$STATE_DIRECTORY/mysql-dump-latest.sql.zst" ||:
-      ln -T "$OUT_FILE" "$STATE_DIRECTORY/mysql-dump-latest.sql.zst"
+        # NOTE: this needs to be a hardlink for rrsync to allow sending it
+        rm "$STATE_DIRECTORY/mysql-dump-latest.sql.zst" ||:
+        ln -T "$OUT_FILE" "$STATE_DIRECTORY/mysql-dump-latest.sql.zst"

-      while [ "$(find "$STATE_DIRECTORY" -type f -printf '.' | wc -c)" -gt ${toString (rotations + 1)} ]; do
-        rm "$(find "$STATE_DIRECTORY" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)"
-      done
-    '';
+        while [ "$(find "$STATE_DIRECTORY" -type f -printf '.' | wc -c)" -gt ${toString (rotations + 1)} ]; do
+          rm "$(find "$STATE_DIRECTORY" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)"
+        done
+      '';

    serviceConfig = {
      Type = "oneshot";
--- a/hosts/bicep/services/mysql/default.nix
+++ b/hosts/bicep/services/mysql/default.nix
@@ -1,4 +1,10 @@
-{ config, pkgs, lib, values, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  values,
+  ...
+}:
 let
  cfg = config.services.mysql;
  dataDir = "/data/mysql";
@@ -36,12 +42,14 @@ in
    #       a password which can be found in /secrets/ildkule/ildkule.yaml
    #       We have also changed both the host and auth plugin of this user
    #       to be 'ildkule.pvv.ntnu.no' and 'mysql_native_password' respectively.
-    ensureUsers = [{
-      name = "prometheus_mysqld_exporter";
-      ensurePermissions = {
-        "*.*" = "PROCESS, REPLICATION CLIENT, SELECT, SLAVE MONITOR";
-      };
-    }];
+    ensureUsers = [
+      {
+        name = "prometheus_mysqld_exporter";
+        ensurePermissions = {
+          "*.*" = "PROCESS, REPLICATION CLIENT, SELECT, SLAVE MONITOR";
+        };
+      }
+    ];
  };

  networking.firewall.allowedTCPPorts = lib.mkIf cfg.enable [ 3306 ];