public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #117456 from Izorkin/update-redis-options 

nixos/redis: add option and change access to directories
This commit is contained in:
Jörg Thalheim 2021-04-10 06:06:19 +01:00 committed by GitHub
parent 7c6aa8400b 9d4aaf2366
commit f7e08360b0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
nixos/modules/services/databases/redis.nix
View File

@ -88,6 +88,13 @@ in
example = "/run/redis/redis.sock"; example = "/run/redis/redis.sock";
}; };
unixSocketPerm = mkOption {
type = types.int;
default = 750;
description = "Change permissions for the socket";
example = 700;
};
logLevel = mkOption { logLevel = mkOption {
type = types.str; type = types.str;
default = "notice"; # debug, verbose, notice, warning default = "notice"; # debug, verbose, notice, warning
@ -204,7 +211,6 @@ in
''; '';
example = literalExample '' example = literalExample ''
{ {
unixsocketperm = "700";
loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ]; loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
} }
''; '';
@ -256,7 +262,7 @@ in
slowlog-max-len = cfg.slowLogMaxLen; slowlog-max-len = cfg.slowLogMaxLen;
} }
(mkIf (cfg.bind != null) { bind = cfg.bind; }) (mkIf (cfg.bind != null) { bind = cfg.bind; })
(mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; }) (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })
(mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${cfg.slaveOf.port}"; }) (mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${cfg.slaveOf.port}"; })
(mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; }) (mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })
(mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; }) (mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })
@ -277,11 +283,18 @@ in
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf"; ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
RuntimeDirectory = "redis";
StateDirectory = "redis";
Type = "notify"; Type = "notify";
# User and group
User = "redis"; User = "redis";
Group = "redis"; Group = "redis";
# Runtime directory and mode
RuntimeDirectory = "redis";
RuntimeDirectoryMode = "0750";
# State directory and mode
StateDirectory = "redis";
StateDirectoryMode = "0700";
# Access write directories
UMask = "0077";
}; };
}; };
}; };

2
nixos/tests/redis.nix
View File

@ -17,7 +17,7 @@ in
services.redis.unixSocket = redisSocket; services.redis.unixSocket = redisSocket;
# Allow access to the unix socket for the "redis" group. # Allow access to the unix socket for the "redis" group.
services.redis.settings.unixsocketperm = "770"; services.redis.unixSocketPerm = 770;
users.users."member" = { users.users."member" = {
createHome = false; createHome = false;