Mysql
users.mysql.database
The name of the database containing the users
Type: string
Example
"auth"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.enable
Whether to enable authentication against a MySQL/MariaDB database.
Type: boolean
Default
false
Example
true
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.host
The hostname of the MySQL/MariaDB server
Type: string
Example
"localhost"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss
Settings for libnss-mysql.
All examples are from the minimal example
of libnss-mysql, but they are modified with NixOS paths for bash.
Type: submodule
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getgrent
SQL query for the getgrent syscall.
Type: null or string
Default
null
Example
SELECT name,password,gid FROM groups
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getgrgid
SQL query for the getgrgid syscall.
Type: null or string
Default
null
Example
SELECT name,password,gid FROM groups WHERE gid='%1$u' LIMIT 1
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getgrnam
SQL query for the getgrnam syscall.
Type: null or string
Default
null
Example
SELECT name,password,gid FROM groups WHERE name='%1$s' LIMIT 1
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getpwent
SQL query for the getpwent syscall.
Type: null or string
Default
null
Example
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' FROM users
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getpwnam
SQL query for the getpwnam syscall.
Type: null or string
Default
null
Example
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \FROM users \WHERE username='%1$s' \LIMIT 1
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getpwuid
SQL query for the getpwuid syscall.
Type: null or string
Default
null
Example
SELECT username,'x',uid,'5000','MySQL User', CONCAT('/home/',username),'/run/sw/current-system/bin/bash' \FROM users \WHERE uid='%1$u' \LIMIT 1
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getspent
SQL query for the getspent syscall.
Type: null or string
Default
null
Example
SELECT username,password,'1','0','99999','0','0','-1','0' FROM users
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.getspnam
SQL query for the getspnam syscall.
Type: null or string
Default
null
Example
SELECT username,password,'1','0','99999','0','0','-1','0' \FROM users \WHERE username='%1$s' \LIMIT 1
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.gidsbymem
SQL query for the gidsbymem syscall.
Type: null or string
Default
null
Example
SELECT gid FROM grouplist WHERE username='%1$s'
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.nss.memsbygid
SQL query for the memsbygid syscall.
Type: null or string
Default
null
Example
SELECT username FROM grouplist WHERE gid='%1$u'
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam
Settings for pam_mysql
Type: submodule
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.cryptDefault
The default encryption method to use for passwordCrypt = 1.
Type: null or one of "md5", "sha256", "sha512", "blowfish"
Default
null
Example
"blowfish"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.disconnectEveryOperation
By default, pam_mysql keeps the connection to the MySQL
database until the session is closed. If this option is set to true it
disconnects every time the PAM operation has finished. This option may
be useful in case the session lasts quite long.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.enable
Enables logging of authentication attempts in the MySQL database.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.hostColumn
The name of the column in the log table to which the name of the user being authenticated is stored.
Type: string
Example
"host"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.msgColumn
The name of the column in the log table to which the description of the performed operation is stored.
Type: string
Example
"msg"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.pidColumn
The name of the column in the log table to which the pid of the
process utilising the pam_mysql authentication
service is stored.
Type: string
Example
"pid"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.rHostColumn
The name of the column in the log table to which the name of the remote
host that initiates the session is stored. The value is supposed to be
set by the PAM-aware application with pam_set_item(PAM_RHOST).
Type: string
Example
"rhost"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.table
The name of the table to which logs are written.
Type: string
Example
"logs"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.timeColumn
The name of the column in the log table to which the timestamp of the log entry is stored.
Type: string
Example
"timestamp"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.logging.userColumn
The name of the column in the log table to which the name of the user being authenticated is stored.
Type: string
Example
"user"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.passwordColumn
The name of the column that contains a (encrypted) password string.
Type: string
Example
"password"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.passwordCrypt
The method to encrypt the user's password:
0(or"plain"): No encryption. Passwords are stored in plaintext. HIGHLY DISCOURAGED.1(or"Y"): Use crypt(3) function.2(or"mysql"): Use the MySQL PASSWORD() function. It is possible that the encryption function used bypam_mysqlis different from that of the MySQL server, aspam_mysqluses the function defined in MySQL's C-client API instead of using PASSWORD() SQL function in the query.3(or"md5"): Use plain hex MD5.4(or"sha1"): Use plain hex SHA1.5(or"drupal7"): Use Drupal7 salted passwords.6(or"joomla15"): Use Joomla15 salted passwords.7(or"ssha"): Use ssha hashed passwords.8(or"sha512"): Use sha512 hashed passwords.9(or"sha256"): Use sha256 hashed passwords.
Type: one of "0", "plain", "1", "Y", "2", "mysql", "3", "md5", "4", "sha1", "5", "drupal7", "6", "joomla15", "7", "ssha", "8", "sha512", "9", "sha256"
Example
"2"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.statusColumn
The name of the column or an SQL expression that indicates the status of the user. The status is expressed by the combination of two bitfields shown below:
bit 0 (0x01): if flagged,pam_mysqldeems the account to be expired and returnsPAM_ACCT_EXPIRED. That is, the account is supposed to no longer be available. Note this doesn't mean thatpam_mysqlrejects further authentication operations.bit 1 (0x02): if flagged,pam_mysqldeems the authentication token (password) to be expired and returnsPAM_NEW_AUTHTOK_REQD. This ends up requiring that the user enter a new password.
Type: null or string
Default
null
Example
"status"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.table
The name of table that maps unique login names to the passwords.
Type: string
Example
"users"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.updateTable
The name of the table used for password alteration. If not defined, the value
of the table option will be used instead.
Type: null or string
Default
null
Example
"users_updates"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.userColumn
The name of the column that contains a unix login name.
Type: string
Example
"username"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.verbose
If enabled, produces logs with detailed messages that describes what
pam_mysql is doing. May be useful for debugging.
Type: boolean
Default
false
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.pam.where
Additional criteria for the query.
Type: null or string
Default
null
Example
"host.name='web' AND user.active=1"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.passwordFile
The path to the file containing the password for the user
Type: path
Example
"/run/secrets/mysql-auth-db-passwd"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix
users.mysql.user
The username to use when connecting to the database
Type: string
Example
"nss-user"
Declared by: https://github.com/nixos/nixpkgs/blob/master/nixos/modules/config/mysql.nix