]> git.immae.eu Git - perso/Immae/Config/Nix.git/blobdiff - modules/private/databases/redis.nix
projects / perso / Immae / Config / Nix.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add config for CI
[perso/Immae/Config/Nix.git] / modules / private / databases / redis.nix
diff --git a/modules/private/databases/redis.nix b/modules/private/databases/redis.nix
index 46025105c64b4318a3a9332508cb5c118d48985f..685fa464cf60efdb7f7ef64a1e9008c4590cd769 100644 (file)
--- a/modules/private/databases/redis.nix
+++ b/modules/private/databases/redis.nix
@@ -41,6 +41,7 @@ in {
         maxclients 1024
         '';
     };
+    systemd.services.redis.serviceConfig.Slice = "redis.slice";
 
     services.spiped = {
       enable = true;
@@ -48,7 +49,7 @@ in {
         decrypt = true;
         source = "0.0.0.0:16379";
         target = "/run/redis/redis.sock";
-        keyfile = "${config.secrets.location}/redis/spiped_keyfile";
+        keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
       };
     };
     systemd.services.spiped_redis = {
@@ -57,8 +58,9 @@ in {
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        Restart   = "always";
-        User      = "spiped";
+        Slice = "redis.slice";
+        Restart = "always";
+        User = "spiped";
         PermissionsStartOnly = true;
         SupplementaryGroups = "keys";
       };
@@ -68,13 +70,12 @@ in {
 
     services.filesWatcher.predixy = {
       restart = true;
-      paths = [ "${config.secrets.location}/redis/predixy.conf" ];
+      paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
     };
 
     networking.firewall.allowedTCPPorts = [ 7617 16379 ];
-    secrets.keys = [
-      {
-        dest = "redis/predixy.conf";
+    secrets.keys = {
+      "redis/predixy.conf" = {
         user = "redis";
         group = "redis";
         permissions = "0400";
@@ -98,15 +99,18 @@ in {
             }
           }
           '';
-      }
-      {
-        dest = "redis/spiped_keyfile";
+      };
+      "redis/spiped_keyfile" = {
         user = "spiped";
         group = "spiped";
         permissions = "0400";
         text = config.myEnv.databases.redis.spiped_key;
-      }
-    ];
+      };
+    };
+
+    systemd.slices.redis = {
+      description = "Redis slice";
+    };
 
     systemd.services.predixy = {
       description = "Redis proxy";
@@ -114,12 +118,13 @@ in {
       after = [ "redis.service" ];
 
       serviceConfig = {
+        Slice = "redis.slice";
         User = "redis";
         Group = "redis";
         SupplementaryGroups = "keys";
         Type = "simple";
 
-        ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.location}/redis/predixy.conf";
+        ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";
       };
 
     };
My infrastructure configuration