lol

Merge pull request #117456 from Izorkin/update-redis-options

nixos/redis: add option and change access to directories

authored by

Jörg Thalheim and committed by
GitHub
f7e08360 7c6aa840

+18 -5
+17 -4
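--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -88,6 +88,13 @@
         example = "/run/redis/redis.sock";
       };
 
+      unixSocketPerm = mkOption {
+        type = types.int;
+        default = 750;
+        description = "Change permissions for the socket";
+        example = 700;
+      };
+
       logLevel = mkOption {
         type = types.str;
         default = "notice"; # debug, verbose, notice, warning
@@ -204,7 +211,6 @@
         '';
         example = literalExample ''
           {
-            unixsocketperm = "700";
             loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
           }
         '';
@@ -256,7 +262,7 @@
         slowlog-max-len = cfg.slowLogMaxLen;
       }
       (mkIf (cfg.bind != null) { bind = cfg.bind; })
-      (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; })
+      (mkIf (cfg.unixSocket != null) { unixsocket = cfg.unixSocket; unixsocketperm = "${toString cfg.unixSocketPerm}"; })
       (mkIf (cfg.slaveOf != null) { slaveof = "${cfg.slaveOf.ip} ${cfg.slaveOf.port}"; })
       (mkIf (cfg.masterAuth != null) { masterauth = cfg.masterAuth; })
       (mkIf (cfg.requirePass != null) { requirepass = cfg.requirePass; })
@@ -277,11 +283,18 @@
 
       serviceConfig = {
         ExecStart = "${cfg.package}/bin/redis-server /run/redis/redis.conf";
-        RuntimeDirectory = "redis";
-        StateDirectory = "redis";
         Type = "notify";
+        # User and group
         User = "redis";
         Group = "redis";
+        # Runtime directory and mode
+        RuntimeDirectory = "redis";
+        RuntimeDirectoryMode = "0750";
+        # State directory and mode
+        StateDirectory = "redis";
+        StateDirectoryMode = "0700";
+        # Access write directories
+        UMask = "0077";
       };
     };
   };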
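Review bot: `unixSocketPerm` is typed `types.int` and described only as "Change permissions for the socket", so nothing tells the user that the digits are read as an octal mode after `toString`, and values such as `999` pass evaluation. With the default `750` the group gets read/execute but no write bit, and on Linux connecting to a Unix socket needs write permission, so group members cannot connect unless the option is raised (the test in this commit sets 770). I would make the description say so, e.g. `description = "Octal mode of the Unix socket, e.g. 770 to let members of the redis group connect.";`, and consider a check that every digit is 0-7. Separately, a configuration that still sets `settings.unixsocketperm` may now conflict with the value the module defines on the `unixsocket` line; wrapping that value in `mkDefault` would probably avoid it, but the type of `settings` is outside these hunks.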
+1 -1
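--- a/nixos/tests/redis.nix
+++ b/nixos/tests/redis.nix
@@ -17,7 +17,7 @@
         services.redis.unixSocket = redisSocket;
 
         # Allow access to the unix socket for the "redis" group.
-        services.redis.settings.unixsocketperm = "770";
+        services.redis.unixSocketPerm = 770;
 
         users.users."member" = {
           createHome = false;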