# NixOS module fragment for a Redis service. The listing is partial (the embedded
# line numbers skip), so the comments describe only the lines that are visible.
1 { lib, config, pkgs, ... }:
# Shorthand for this module's own option values.
3 cfg = config.myServices.databases.redis;
# Option declarations under myServices.databases.redis.
5 options.myServices.databases.redis = {
6 enable = lib.mkOption {
9 description = "Whether to enable redis database";
10 type = lib.types.bool;
# Directory that holds the Redis unix sockets; typed as a path, default /run/redis.
12 socketsDir = lib.mkOption {
13 type = lib.types.path;
14 default = "/run/redis";
16 The directory where Redis puts sockets.
20 sockets = lib.mkOption {
# Attribute set of socket paths; the visible entry derives redis.sock from
# cfg.socketsDir, so it follows any override of that option.
21 type = lib.types.attrsOf lib.types.path;
23 redis = "${cfg.socketsDir}/redis.sock";
# Everything in this attribute set is applied only when cfg.enable is true.
32 config = lib.mkIf cfg.enable {
# Pin the redis user and group to the ids registered in config.ids.
33 users.users.redis.uid = config.ids.uids.redis;
34 users.groups.redis.gid = config.ids.gids.redis;
# Redis server instance with the empty name "".
35 services.redis.servers."" = {
# Listen on the unix socket declared in the `sockets` option.
# NOTE(review): the socket's mode (unixSocketPerm) and any Redis authentication
# are not visible in this view; confirm both, since they decide who may connect.
38 unixSocket = cfg.sockets.redis;
# Run redis inside redis.slice.
42 systemd.services.redis.serviceConfig.Slice = "redis.slice";
# lib.mkForce overrides any other definition of the runtime directory mode.
# 0755 lets every local user traverse and list the runtime directory (presumably
# /run/redis), so local access to Redis then rests on the socket file's own mode
# and on Redis authentication, not on the directory.
43 systemd.services.redis.serviceConfig.RuntimeDirectoryMode = lib.mkForce "0755";
# spiped endpoint for Redis; presumably an entry under services.spiped.config, the
# enclosing attribute is outside this view.
# `source` listens on every IPv4 interface on TCP 16379; peers must hold the
# pre-shared key in `keyfile` to complete the spiped handshake.
49 source = "0.0.0.0:16379";
# NOTE(review): this path is hard-coded, while the Redis server listens on
# cfg.sockets.redis; the two diverge if socketsDir is overridden.
50 target = "/run/redis/redis.sock";
# Path of the spiped key file as assigned by the secrets module.
51 keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
# systemd unit that runs spiped for the endpoint described by redis.spec.
54 systemd.services.spiped_redis = {
55 description = "Secure pipe 'redis'";
56 after = [ "network.target" ];
57 wantedBy = [ "multi-user.target" ];
60 Slice = "redis.slice";
# With PermissionsStartOnly the unit's user/group restrictions apply to the main
# command only; pre- and post-start commands (none visible here) keep full
# privileges. NOTE(review): newer systemd releases deprecate this setting in
# favour of the `+` prefix on individual Exec lines.
63 PermissionsStartOnly = true;
# Extra group "keys"; presumably what grants read access to the 0400 key file.
# Verify against the secrets module.
64 SupplementaryGroups = "keys";
# The backticks are shell command substitution: the contents of
# /etc/spiped/redis.spec are word-split into spiped's arguments, so that file
# must stay writable by root only. -F keeps spiped in the foreground.
67 script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/redis.spec`";
# Watch the rendered predixy configuration file; presumably so the predixy unit is
# restarted when the secret changes (the rest of this attribute set is not shown).
70 services.filesWatcher.predixy = {
72 paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
# Open TCP 7617 and 16379 on the host firewall for every source address.
# 16379 matches the spiped `source` port in this file; 7617 is presumably the
# predixy listener (its Bind line is not visible).
# NOTE(review): if 7617 is predixy, clients on it are guarded only by the Auth
# password in predixy.conf and the traffic is presumably not encrypted. Confirm
# the port needs to be reachable from outside, or restrict the source addresses.
75 networking.firewall.allowedTCPPorts = [ 7617 16379 ];
# Secret files rendered by the secrets module (the enclosing attribute is outside
# this view). predixy.conf embeds the proxy password and the upstream Redis socket
# address from config.myEnv.
# NOTE(review): the owner and mode of predixy.conf are not visible here. Because
# it contains the Auth password, it should be readable by the predixy user only.
77 "redis/predixy.conf" = {
88 Auth "${config.myEnv.databases.redis.predixy.read}" {
93 StandaloneServerPool {
97 + ${config.myEnv.databases.redis.socket}
102 "redis/spiped_keyfile" = {
# Readable by the file's owner only.
105 permissions = "0400";
# The key material comes from config.myEnv.
# NOTE(review): confirm the secrets module keeps this value out of the
# world-readable Nix store.
106 text = config.myEnv.databases.redis.spiped_key;
# Slice shared by the redis, spiped_redis and predixy units; each of them sets
# Slice = "redis.slice".
110 systemd.slices.redis = {
111 description = "Redis slice";
# predixy proxy unit, ordered after redis.service.
114 systemd.services.predixy = {
115 description = "Redis proxy";
116 wantedBy = [ "multi-user.target" ];
117 after = [ "redis.service" ];
120 Slice = "redis.slice";
# Extra group "keys"; presumably what lets the unit read the rendered secret
# configuration. Verify against the secrets module.
# NOTE(review): the unit's User/Group and any sandboxing options are not visible
# in this view; confirm the proxy does not run as root.
123 SupplementaryGroups = "keys";
# Start predixy with the rendered secret configuration file as its only argument.
126 ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";