decrypt = true;
source = "0.0.0.0:16379";
target = "/run/redis/redis.sock";
- keyfile = "${config.secrets.location}/redis/spiped_keyfile";
+ keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
};
};
systemd.services.spiped_redis = {
services.filesWatcher.predixy = {
restart = true;
- paths = [ "${config.secrets.location}/redis/predixy.conf" ];
+ paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
};
networking.firewall.allowedTCPPorts = [ 7617 16379 ];
- secrets.keys = [
- {
- dest = "redis/predixy.conf";
+ secrets.keys = {
+ "redis/predixy.conf" = {
user = "redis";
group = "redis";
permissions = "0400";
}
}
'';
- }
- {
- dest = "redis/spiped_keyfile";
+ };
+ "redis/spiped_keyfile" = {
user = "spiped";
group = "spiped";
permissions = "0400";
text = config.myEnv.databases.redis.spiped_key;
- }
- ];
+ };
+ };
systemd.slices.redis = {
description = "Redis slice";
SupplementaryGroups = "keys";
Type = "simple";
- ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.location}/redis/predixy.conf";
+ ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";
};
};