pyrox.dev / nixpkgs
lol
fork atom

Merge pull request #117456 from Izorkin/update-redis-options

nixos/redis: add option and change access to directories

Jörg Thalheim f7e08360 7c6aa840

options
unified split
Changed files
+18 -5
nixos
modules
services
databases
redis.nix
tests
redis.nix
+17 -4
nixos/modules/services/databases/redis.nix 
···

       
88

       
88

       
 

       
        example = "/run/redis/redis.sock";


     

       
89

       
89

       
 

       
      };


     

       
90

       
90

       
 

       



     

       

       
91

       
+

       
      unixSocketPerm = mkOption {


     

       

       
92

       
+

       
        type = types.int;


     

       

       
93

       
+

       
        default = 750;


     

       

       
94

       
+

       
        description = "Change permissions for the socket";


     

       

       
95

       
+

       
        example = 700;


     

       

       
96

       
+

       
      };


     

       

       
97

       
+

       



     

       
91

       
98

       
 

       
      logLevel = mkOption {


     

       
92

       
99

       
 

       
        type = types.str;


     

       
93

       
100

       
 

       
        default = "notice"; # debug, verbose, notice, warning


     
···

       
204

       
211

       
 

       
        '';


     

       
205

       
212

       
 

       
        example = literalExample ''


     

       
206

       
213

       
 

       
          {


     

       
207

       

       
-

       
            unixsocketperm = "700";


     

       
208

       
214

       
 

       
            loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];


     

       
209

       
215

       
 

       
          }


     

       
210

       
216

       
 

       
        '';


     
···

       
256

       
262

       
 

       
        slowlog-max-len = cfg.slowLogMaxLen;


     

       
257

       
263

       
 

       
      }


     

       
258

       
264

       
 

       
      (mkIf (cfg.bind != null) { bind = cfg.bind; })


     

       
259

       

       
-

       
      (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; })


     

       

       
265

       
+

       
      (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })


     

       
260

       
266

       
 

       
      (mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${cfg.slaveOf.port}"; })


     

       
261

       
267

       
 

       
      (mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })


     

       
262

       
268

       
 

       
      (mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })


     
···

       
277

       
283

       
 

       



     

       
278

       
284

       
 

       
      serviceConfig = {


     

       
279

       
285

       
 

       
        ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";


     

       
280

       

       
-

       
        RuntimeDirectory = "redis";


     

       
281

       

       
-

       
        StateDirectory = "redis";


     

       
282

       
286

       
 

       
        Type = "notify";


     

       

       
287

       
+

       
        # User and group


     

       
283

       
288

       
 

       
        User = "redis";


     

       
284

       
289

       
 

       
        Group = "redis";


     

       

       
290

       
+

       
        # Runtime directory and mode


     

       

       
291

       
+

       
        RuntimeDirectory = "redis";


     

       

       
292

       
+

       
        RuntimeDirectoryMode = "0750";


     

       

       
293

       
+

       
        # State directory and mode


     

       

       
294

       
+

       
        StateDirectory = "redis";


     

       

       
295

       
+

       
        StateDirectoryMode = "0700";


     

       

       
296

       
+

       
        # Access write directories


     

       

       
297

       
+

       
        UMask = "0077";


     

       
285

       
298

       
 

       
      };


     

       
286

       
299

       
 

       
    };


     

       
287

       
300

       
 

       
  };
+1 -1
nixos/tests/redis.nix 
···

       
17

       
17

       
 

       
        services.redis.unixSocket = redisSocket;


     

       
18

       
18

       
 

       



     

       
19

       
19

       
 

       
        # Allow access to the unix socket for the "redis" group.


     

       
20

       

       
-

       
        services.redis.settings.unixsocketperm = "770";


     

       

       
20

       
+

       
        services.redis.unixSocketPerm = 770;


     

       
21

       
21

       
 

       



     

       
22

       
22

       
 

       
        users.users."member" = {


     

       
23

       
23

       
 

       
          createHome = false;