'';
};
# Output variables
- systemdRuntimeDirectory = lib.mkOption {
- type = lib.types.str;
- # Use ReadWritePaths= instead if socketsDir is outside of /run
- default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
- lib.strings.removePrefix "/run/" cfg.socketsDir;
- description = ''
- Adjusted redis sockets directory for systemd
- '';
- readOnly = true;
- };
sockets = lib.mkOption {
type = lib.types.attrsOf lib.types.path;
default = {
maxclients 1024
'';
};
- systemd.services.redis.serviceConfig.RuntimeDirectory = cfg.systemdRuntimeDirectory;
+ systemd.services.redis.serviceConfig.Slice = "redis.slice";
services.spiped = {
enable = true;
decrypt = true;
source = "0.0.0.0:16379";
target = "/run/redis/redis.sock";
- keyfile = "${config.secrets.location}/redis/spiped_keyfile";
+ keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
};
};
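Review bot: Dropping `systemd.services.redis.serviceConfig.RuntimeDirectory` leaves nothing in this diff that creates `/run/redis`, while spiped still targets `/run/redis/redis.sock` a few lines below. The removed `systemdRuntimeDirectory` option also carried the only assertion that `cfg.socketsDir` lives under `/run/`. If the directory is now provided by the upstream redis unit, which is not visible here, record that next to the new line, e.g. `# /run/redis is created by the redis unit itself; socketsDir must stay under /run`. Otherwise keep a RuntimeDirectory setting, so the socket directory cannot end up missing or created with looser ownership than the unit would give it.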
systemd.services.spiped_redis = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
- Restart = "always";
- User = "spiped";
+ Slice = "redis.slice";
+ Restart = "always";
+ User = "spiped";
PermissionsStartOnly = true;
SupplementaryGroups = "keys";
};
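Review bot: `Slice = "redis.slice";` here only groups the units, as do the same lines on the redis and predixy units in the other hunks. The `systemd.slices.redis` definition added further down has a description and no `sliceConfig`, so no resource limits apply. If the slice is meant to cap what Redis and its proxies can use, set the limit on the slice, e.g. `sliceConfig.MemoryMax = "<limit>";` with a value chosen for the host. If it is for accounting only, say so in a comment such as `# grouping/accounting only, no resource limits applied`. The `spiped_redis` block is closed outside this hunk.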
services.filesWatcher.predixy = {
restart = true;
- paths = [ "${config.secrets.location}/redis/predixy.conf" ];
+ paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
};
networking.firewall.allowedTCPPorts = [ 7617 16379 ];
- secrets.keys = [
- {
- dest = "redis/predixy.conf";
+ secrets.keys = {
+ "redis/predixy.conf" = {
user = "redis";
group = "redis";
permissions = "0400";
}
}
'';
- }
- {
- dest = "redis/spiped_keyfile";
+ };
+ "redis/spiped_keyfile" = {
user = "spiped";
group = "spiped";
permissions = "0400";
text = config.myEnv.databases.redis.spiped_key;
- }
- ];
+ };
+ };
+
+ systemd.slices.redis = {
+ description = "Redis slice";
+ };
systemd.services.predixy = {
description = "Redis proxy";
after = [ "redis.service" ];
serviceConfig = {
+ Slice = "redis.slice";
User = "redis";
Group = "redis";
SupplementaryGroups = "keys";
Type = "simple";
- ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.location}/redis/predixy.conf";
+ ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";
};
};
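Review bot: `text = config.myEnv.databases.redis.spiped_key;` in the `"redis/spiped_keyfile"` entry takes the spiped pre-shared key from a value available at evaluation time, and nothing in this diff shows how `secrets.keys` turns it into a file. The spiped listener in the earlier hunk binds `0.0.0.0:16379` and that port is opened in the firewall, so this key is what stands between the network and the Redis socket. It is worth confirming that the secrets module never copies `text` into the world-readable Nix store. Once confirmed, a comment on the entry would record it, e.g. `# written outside the Nix store by the secrets module; keep 0400 spiped:spiped`. The `"redis/predixy.conf"` entry closed at the top of this hunk begins outside it.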