public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/redis: allow access to runtime and state directories to only redis user

Browse Source
This commit is contained in:
Izorkin 2021-03-24 13:33:34 +03:00
parent 86d8b31e00
commit 9d4aaf2366
No known key found for this signature in database
GPG Key ID: 1436C1B3F3679F09
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nixos/modules/services/databases/redis.nix
View File

@ -283,11 +283,18 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf"; ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
RuntimeDirectory = "redis";
StateDirectory = "redis";
Type = "notify"; Type = "notify";
# User and group
User = "redis"; User = "redis";
Group = "redis"; Group = "redis";
# Runtime directory and mode
RuntimeDirectory = "redis";
RuntimeDirectoryMode = "0750";
# State directory and mode
StateDirectory = "redis";
StateDirectoryMode = "0700";
# Access write directories
UMask = "0077";
}; };
}; };
}; };