From 3a1beb6347799a8d8f3290a6158b2d5249c7ecb8 Mon Sep 17 00:00:00 2001
From: Ben Smith <polynomial@gmail.com>
Date: Fri, 2 Oct 2015 23:22:27 -0700
Subject: [PATCH] redis service: add firewall and VM overcommit options

- Add vm.over_commit setting for background saving
- Add openFirewall setting

Closes #10193
---
 nixos/modules/services/databases/redis.nix | 24 ++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 6323d2c8ce4..480e1184ffa 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -68,6 +68,22 @@ in
         description = "The port for Redis to listen to.";
       };
 
+      vmOverCommit = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open ports in the firewall for the server.
+        '';
+      };
+
       bind = mkOption {
         type = with types; nullOr str;
         default = null; # All interfaces
@@ -193,6 +209,14 @@ in
 
   config = mkIf config.services.redis.enable {
 
+    boot.kernel.sysctl = mkIf cfg.vmOverCommit {
+      "vm.overcommit_memory" = "1";
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+
     users.extraUsers.redis =
       { name = cfg.user;
         uid = config.ids.uids.redis;