# NixOS-style module for myServices.databases.redis: it declares the options and,
# when enabled, configures Redis plus the spiped and predixy units that front it.
1 { lib, config, pkgs, ... }:
# Shorthand for this module's own option values; referenced as cfg everywhere below.
3 cfg = config.myServices.databases.redis;
# Option declarations for myServices.databases.redis.
5 options.myServices.databases.redis = {
# Boolean master switch; the config section is gated on it through lib.mkIf.
6 enable = lib.mkOption {
9 description = "Whether to enable redis database";
10 type = lib.types.bool;
# Base directory for the Redis unix socket; defaults to /run/redis.
12 socketsDir = lib.mkOption {
13 type = lib.types.path;
14 default = "/run/redis";
16 The directory where Redis puts sockets.
# socketsDir expressed relative to /run; the config section passes this value to
# systemd's RuntimeDirectory= for the redis unit.
20 systemdRuntimeDirectory = lib.mkOption {
22 # Use ReadWritePaths= instead if socketsDir is outside of /run
# The assert aborts evaluation of this default unless socketsDir starts with
# "/run/"; the prefix is then stripped to obtain the relative directory name.
23 default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
24 lib.strings.removePrefix "/run/" cfg.socketsDir;
26 Adjusted redis sockets directory for systemd
# Attribute set of socket name -> path; the redis entry is redis.sock inside socketsDir.
30 sockets = lib.mkOption {
31 type = lib.types.attrsOf lib.types.path;
33 redis = "${cfg.socketsDir}/redis.sock";
# Everything in this attribute set applies only when cfg.enable is true.
42 config = lib.mkIf cfg.enable {
# Pin the redis user and group to the ids registered under config.ids.
43 users.users.redis.uid = config.ids.uids.redis;
44 users.groups.redis.gid = config.ids.gids.redis;
45 services.redis = rec {
# Redis is given the unix socket path declared in cfg.sockets.
# NOTE(review): confirm that the TCP listener is disabled or loopback-only, so that
# the socket's file permissions remain the only local access control.
48 unixSocket = cfg.sockets.redis;
# systemd creates the socket directory under /run for the unit and removes it when
# the unit stops.
54 systemd.services.redis.serviceConfig.RuntimeDirectory = cfg.systemdRuntimeDirectory;
# spiped endpoint for Redis: it accepts connections on every interface (0.0.0.0),
# port 16379, and relays them to the local Redis socket, keyed by the pre-shared
# secret in keyfile.
# NOTE(review): target repeats the default socket path as a literal; if socketsDir
# is overridden it will no longer match cfg.sockets.redis. Consider referencing
# cfg.sockets.redis here instead.
# NOTE(review): the firewall rule further down opens 16379 to the network, so
# possession of the keyfile is the only gate on this listener. Confirm that the key
# is readable by the spiped service alone and that there is a rotation procedure.
60 source = "0.0.0.0:16379";
61 target = "/run/redis/redis.sock";
62 keyfile = "${config.secrets.location}/redis/spiped_keyfile";
# Unit running spiped for the 'redis' pipe; ordered after network.target and pulled
# in by multi-user.target.
65 systemd.services.spiped_redis = {
66 description = "Secure pipe 'redis'";
67 after = [ "network.target" ];
68 wantedBy = [ "multi-user.target" ];
# With PermissionsStartOnly, User=/Group= apply to the main process only; pre/post
# commands keep full privileges.
# NOTE(review): systemd has deprecated this setting in favour of '+'-prefixed Exec
# lines. Confirm against the systemd version deployed.
73 PermissionsStartOnly = true;
# Extra group membership, presumably what grants read access to the files under
# config.secrets.location. Verify against the secrets module.
74 SupplementaryGroups = "keys";
# Command-line flags are read from the generated spec file; -F keeps spiped in the
# foreground. The unquoted command substitution relies on shell word splitting to
# turn the file's contents into separate arguments.
77 script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/redis.spec`";
# Watches the generated predixy.conf, presumably so that the predixy unit is
# restarted when the secret changes. Confirm against the filesWatcher module.
80 services.filesWatcher.predixy = {
82 paths = [ "${config.secrets.location}/redis/predixy.conf" ];
# Opens both proxy ports to the network: 16379 is the spiped listener configured
# above; 7617 is presumably predixy's listen port (its Bind line is not shown).
# NOTE(review): unlike spiped, predixy speaks the plain Redis protocol. If 7617 is
# its listener, the Auth password and all data cross the network unencrypted;
# restrict the allowed source addresses or expose it only through an encrypted
# tunnel.
85 networking.firewall.allowedTCPPorts = [ 7617 16379 ];
# Secret file holding the predixy configuration. Its text embeds the read password
# from config.myEnv as an Auth entry and points the server pool at
# config.myEnv.databases.redis.socket.
# NOTE(review): no permissions line is visible for this entry, whereas the spiped
# keyfile entry sets 0400. Confirm this file is not world-readable, since it
# contains the Auth password.
# NOTE(review): the pool address comes from myEnv rather than cfg.sockets.redis;
# verify that the two always agree.
88 dest = "redis/predixy.conf";
99 Auth "${config.myEnv.databases.redis.predixy.read}" {
104 StandaloneServerPool {
108 + ${config.myEnv.databases.redis.socket}
114 dest = "redis/spiped_keyfile";
# Secret file holding the spiped pre-shared key taken from config.myEnv; mode 0400
# limits it to read-only access by its owner.
117 permissions = "0400";
118 text = config.myEnv.databases.redis.spiped_key;
# Unit running the predixy proxy in front of Redis; ordered after redis.service and
# pulled in by multi-user.target.
122 systemd.services.predixy = {
123 description = "Redis proxy";
124 wantedBy = [ "multi-user.target" ];
125 after = [ "redis.service" ];
# Extra group membership, presumably what lets the service read its configuration
# under config.secrets.location. Verify against the secrets module.
130 SupplementaryGroups = "keys";
# predixy is started with the secret configuration file as its only argument, so
# the Auth password itself does not appear on the command line.
133 ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.location}/redis/predixy.conf";