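# NixOS module for the Redis stack of this host. When
# `myServices.databases.redis.enable` is set it configures:
#   * the default Redis server (loopback TCP plus a unix socket),
#   * a second Redis server named "php-sessions" running as `wwwrun`,
#   * a spiped listener on 0.0.0.0:16379 that decrypts traffic and forwards
#     it to the default server's unix socket,
#   * a predixy proxy whose configuration is stored through `secrets.keys`.
{ lib, config, pkgs, ... }:
let
  cfg = config.myServices.databases.redis;
in {
  options.myServices.databases.redis = {
    enable = lib.mkOption {
      default = false;
      example = true;
      description = "Whether to enable redis database";
      type = lib.types.bool;
    };
    socketsDir = lib.mkOption {
      type = lib.types.path;
      default = "/run/redis";
      description = ''
        The directory where Redis puts sockets.
      '';
    };
    # Output variables
    # Read-only, so other modules can look up the socket path but not override it.
    sockets = lib.mkOption {
      type = lib.types.attrsOf lib.types.path;
      default = {
        redis = "${cfg.socketsDir}/redis.sock";
      };
      readOnly = true;
      description = ''
        Redis sockets
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    users.users.redis.uid = config.ids.uids.redis;
    users.groups.redis.gid = config.ids.gids.redis;

    services.redis.servers."" = {
      enable = true;
      bind = "127.0.0.1";
      unixSocket = cfg.sockets.redis;
      # NOTE(review): 777 lets every local account connect to this socket, and
      # this module sets neither requirePass nor requirePassFile, so as far as
      # this file shows any local user gets full access to the instance.
      # Prefer a group-restricted mode (e.g. 660 plus group membership for the
      # intended clients) unless world access is a deliberate choice.
      unixSocketPerm = 777;
      maxclients = 1024;
    };
    systemd.services.redis.serviceConfig.Slice = "redis.slice";
    # Forced to 0755 so accounts outside the redis user can traverse the
    # runtime directory and reach the socket; this goes together with the
    # socket mode above and should be tightened with it.
    systemd.services.redis.serviceConfig.RuntimeDirectoryMode = lib.mkForce "0755";

    services.redis.servers."php-sessions" = {
      enable = true;
      maxclients = 1024;
      # NOTE(review): same world-accessible socket mode as the default server.
      # Session data is sensitive; confirm that every local user really needs
      # access, otherwise restrict it to the account(s) that serve PHP.
      unixSocketPerm = 777;
      user = "wwwrun";
    };

    services.spiped = {
      enable = true;
      config.redis = {
        decrypt = true;
        # Listens on every interface; together with the firewall rule below
        # the spiped key is the only thing standing between the network and
        # the default Redis instance.
        source = "0.0.0.0:16379";
        # Follow the declared socket path instead of repeating the literal
        # "/run/redis/redis.sock", so the pipe keeps pointing at the real
        # socket when socketsDir is overridden. Identical with the default.
        target = cfg.sockets.redis;
        keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
      };
    };
    systemd.services.spiped_redis = {
      description = "Secure pipe 'redis'";
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        Slice = "redis.slice";
        Restart = "always";
        User = "spiped";
        PermissionsStartOnly = true;
        # Presumably the "keys" group is what grants read access to the
        # secrets directory holding the key file; verify against the secrets module.
        SupplementaryGroups = "keys";
      };

      # The spec file content is word-split by the shell into spiped arguments.
      script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/redis.spec`";
    };

    # Presumably restarts predixy when its secret configuration changes;
    # filesWatcher is defined outside this file.
    services.filesWatcher.predixy = {
      restart = true;
      paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
    };

    # NOTE(review): 16379 is the spiped listener. 7617 is the predixy port,
    # but the predixy configuration below binds 127.0.0.1 only, so opening it
    # here exposes nothing as configured. Drop 7617 from this list unless
    # something outside this file depends on it, so that a later change of
    # the Bind line does not silently publish the proxy.
    networking.firewall.allowedTCPPorts = [ 7617 16379 ];

    secrets.keys = {
      # NOTE(review): the predixy password is interpolated into this text at
      # evaluation time. Confirm that the secrets module keeps the rendered
      # file out of the world-readable Nix store.
      "redis/predixy.conf" = {
        user = "redis";
        group = "redis";
        permissions = "0400";
        text = ''
          Name Predixy
          Bind 127.0.0.1:7617
          ClientTimeout 300
          WorkerThreads 1

          Authority {
              Auth "${config.myEnv.databases.redis.predixy.read}" {
                  Mode read
              }
          }

          StandaloneServerPool {
            Databases 16
            RefreshMethod fixed
            Group shard001 {
              + ${config.myEnv.databases.redis.socket}
            }
          }
        '';
      };
      # Readable by the spiped user only (0400).
      "redis/spiped_keyfile" = {
        user = "spiped";
        group = "spiped";
        permissions = "0400";
        text = config.myEnv.databases.redis.spiped_key;
      };
    };

    # Redis, spiped and predixy all run in this slice.
    systemd.slices.redis = {
      description = "Redis slice";
    };

    systemd.services.predixy = {
      description = "Redis proxy";
      wantedBy = [ "multi-user.target" ];
      after = [ "redis.service" ];

      serviceConfig = {
        Slice = "redis.slice";
        User = "redis";
        Group = "redis";
        SupplementaryGroups = "keys";
        Type = "simple";

        ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";
      };
    };
  };
}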