[perso/Immae/Config/Nix.git] / modules / private / databases / redis_replication.nix

{ pkgs, config, lib, ... }:
let
  cfg = config.myServices.databasesReplication.redis;
in
{
  options.myServices.databasesReplication.redis = {
    enable = lib.mkEnableOption "Enable redis replication";
    base = lib.mkOption {
      type = lib.types.path;
      description = ''
        Base path to put the replications
        '';
    };
    hosts = lib.mkOption {
      default = {};
      description = ''
        Hosts to backup
        '';
      type = lib.types.attrsOf (lib.types.submodule {
        options = {
          package = lib.mkOption {
            type = lib.types.package;
            default = pkgs.redis;
            description = ''
              Redis package for this host
            '';
          };
          host = lib.mkOption {
            type = lib.types.str;
            description = ''
              Host to connect to
              '';
          };
          port = lib.mkOption {
            type = lib.types.str;
            description = ''
              Port to connect to
              '';
          };
          password = lib.mkOption {
            type = lib.types.nullOr lib.types.str;
            default = null;
            description = ''
              Password to use
              '';
          };
        };
      });
    };
  };

  config = lib.mkIf cfg.enable {
    users.users.redis = {
      description = "Redis database user";
      group = "redis";
      uid = config.ids.uids.redis;
      extraGroups = [ "keys" ];
    };
    users.groups.redis.gid = config.ids.gids.redis;

    services.spiped = { # sync from eldiron
      enable = true;
      config.redis = {
        encrypt = true;
        source = "127.0.0.1:16379";
        target = "${config.myEnv.servers.eldiron.ips.main.ip4}:16379";
        keyfile = config.secrets.fullPaths."redis/spiped_eldiron_keyfile";
      };
    };

    secrets.keys = lib.mapAttrs' (name: hcfg:
      lib.nameValuePair "redis_replication/${name}/config" {
        user = "redis";
        group = "redis";
        permissions = "0400";
        text = ''
          pidfile ${cfg.base}/${name}/redis/redis.pid
          port 0
          unixsocket /run/redis_${name}/redis.sock
          loglevel notice
          logfile /dev/null
          syslog-enabled yes
          databases 16
          save 900 1
          save 300 10
          save 60 10000
          dbfilename dump.rdb
          dir ${cfg.base}/${name}/redis/
          slaveof ${hcfg.host} ${hcfg.port}
          ${if hcfg.password != null then "masterauth ${hcfg.password}" else ""}
          appendOnly no
          appendfsync everysec
          slowlog-log-slower-than 10000
          slowlog-max-len 128
          unixsocketperm 777
          maxclients 1024
          '';
      }
    ) cfg.hosts // {
      "redis/spiped_eldiron_keyfile" = { # For eldiron only
        user = "spiped";
        group = "spiped";
        permissions = "0400";
        text = config.myEnv.databases.redis.spiped_key;
      };
    };

    services.cron = {
      enable = true;
      systemCronJobs = lib.flatten (lib.mapAttrsToList (name: hcfg:
        let
          dataDir = "${cfg.base}/${name}/redis";
          backupDir = "${cfg.base}/${name}/redis_backup";
          backup_script = pkgs.writeScript "backup_redis_${name}" ''
              #!${pkgs.stdenv.shell}

              ${pkgs.coreutils}/bin/cp ${cfg.base}/${name}/redis/dump.rdb \
                ${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).rdb
            '';
          u = pkgs.callPackage ./utils.nix {};
          cleanup_script = pkgs.writeScript "cleanup_redis_${name}" (u.exponentialDumps "rdb" backupDir);
        in [
          "0 22,4,10,16 * * * root ${backup_script}"
          "0 3 * * * root ${cleanup_script}"
        ]) cfg.hosts);
    };

    system.activationScripts = lib.attrsets.mapAttrs' (name: hcfg:
      lib.attrsets.nameValuePair "redis_replication_${name}" {
        deps = [ "users" "groups" ];
        text = ''
          install -m 0700 -o redis -g redis -d ${cfg.base}/${name}/redis
          install -m 0700 -o redis -g redis -d ${cfg.base}/${name}/redis_backup
          '';
      }) cfg.hosts;

    systemd.services = {
      spiped_redis = { # For eldiron
        description = "Secure pipe 'redis'";
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];

        serviceConfig = {
          Restart   = "always";
          User      = "spiped";
          PermissionsStartOnly = true;
          SupplementaryGroups = "keys";
        };

        script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/redis.spec`";
      };
    } // lib.attrsets.mapAttrs' (name: hcfg:
      let
        dataDir = "${cfg.base}/${name}/redis";
      in
      lib.attrsets.nameValuePair "redis_backup_${name}" {
        description = "Redis replication for ${name}";
        wantedBy = [ "multi-user.target" ];
        after = [ "network.target" ];
        unitConfig.RequiresMountsFor = dataDir;

        serviceConfig = {
          ExecStart = "${hcfg.package}/bin/redis-server ${config.secrets.fullPaths."redis_replication/${name}/config"}";
          User = "redis";
          RuntimeDirectory = "redis_${name}";
        };
    }) cfg.hosts;
  };
}
Commit	Line	Data
ab8f306d	1	{ pkgs, config, lib, ... }:
dded6699 IB	2	let
	3	cfg = config.myServices.databasesReplication.redis;
	4	in
	5	{
	6	options.myServices.databasesReplication.redis = {
	7	enable = lib.mkEnableOption "Enable redis replication";
	8	base = lib.mkOption {
	9	type = lib.types.path;
	10	description = ''
	11	Base path to put the replications
	12	'';
	13	};
	14	hosts = lib.mkOption {
	15	default = {};
	16	description = ''
	17	Hosts to backup
	18	'';
	19	type = lib.types.attrsOf (lib.types.submodule {
	20	options = {
	21	package = lib.mkOption {
	22	type = lib.types.package;
	23	default = pkgs.redis;
	24	description = ''
	25	Redis package for this host
	26	'';
	27	};
	28	host = lib.mkOption {
	29	type = lib.types.str;
	30	description = ''
	31	Host to connect to
	32	'';
	33	};
	34	port = lib.mkOption {
	35	type = lib.types.str;
	36	description = ''
	37	Port to connect to
	38	'';
	39	};
	40	password = lib.mkOption {
	41	type = lib.types.nullOr lib.types.str;
	42	default = null;
	43	description = ''
	44	Password to use
	45	'';
	46	};
	47	};
	48	});
	49	};
	50	};
	51
	52	config = lib.mkIf cfg.enable {
	53	users.users.redis = {
	54	description = "Redis database user";
	55	group = "redis";
	56	uid = config.ids.uids.redis;
	57	extraGroups = [ "keys" ];
	58	};
	59	users.groups.redis.gid = config.ids.gids.redis;
	60
	61	services.spiped = { # sync from eldiron
	62	enable = true;
	63	config.redis = {
	64	encrypt = true;
	65	source = "127.0.0.1:16379";
ab8f306d	66	target = "${config.myEnv.servers.eldiron.ips.main.ip4}:16379";
da30ae4f	67	keyfile = config.secrets.fullPaths."redis/spiped_eldiron_keyfile";
dded6699 IB	68	};
	69	};
	70
4c4652aa IB	71	secrets.keys = lib.mapAttrs' (name: hcfg:
4c4652aa IB	72	lib.nameValuePair "redis_replication/${name}/config" {
dded6699 IB	73	user = "redis";
	74	group = "redis";
	75	permissions = "0400";
	76	text = ''
	77	pidfile ${cfg.base}/${name}/redis/redis.pid
	78	port 0
	79	unixsocket /run/redis_${name}/redis.sock
	80	loglevel notice
	81	logfile /dev/null
	82	syslog-enabled yes
	83	databases 16
	84	save 900 1
	85	save 300 10
	86	save 60 10000
	87	dbfilename dump.rdb
	88	dir ${cfg.base}/${name}/redis/
	89	slaveof ${hcfg.host} ${hcfg.port}
	90	${if hcfg.password != null then "masterauth ${hcfg.password}" else ""}
	91	appendOnly no
	92	appendfsync everysec
	93	slowlog-log-slower-than 10000
	94	slowlog-max-len 128
	95	unixsocketperm 777
	96	maxclients 1024
	97	'';
	98	}
4c4652aa IB	99	) cfg.hosts // {
4c4652aa IB	100	"redis/spiped_eldiron_keyfile" = { # For eldiron only
dded6699 IB	101	user = "spiped";
	102	group = "spiped";
	103	permissions = "0400";
ab8f306d	104	text = config.myEnv.databases.redis.spiped_key;
4c4652aa IB	105	};
4c4652aa IB	106	};
dded6699 IB	107
	108	services.cron = {
	109	enable = true;
	110	systemCronJobs = lib.flatten (lib.mapAttrsToList (name: hcfg:
	111	let
	112	dataDir = "${cfg.base}/${name}/redis";
	113	backupDir = "${cfg.base}/${name}/redis_backup";
	114	backup_script = pkgs.writeScript "backup_redis_${name}" ''
	115	#!${pkgs.stdenv.shell}
	116
	117	${pkgs.coreutils}/bin/cp ${cfg.base}/${name}/redis/dump.rdb \
4c853ba6	118	${backupDir}/$(${pkgs.coreutils}/bin/date -Iminutes).rdb
dded6699 IB	119	'';
	120	u = pkgs.callPackage ./utils.nix {};
	121	cleanup_script = pkgs.writeScript "cleanup_redis_${name}" (u.exponentialDumps "rdb" backupDir);
	122	in [
	123	"0 22,4,10,16 * * * root ${backup_script}"
	124	"0 3 * * * root ${cleanup_script}"
	125	]) cfg.hosts);
	126	};
	127
	128	system.activationScripts = lib.attrsets.mapAttrs' (name: hcfg:
	129	lib.attrsets.nameValuePair "redis_replication_${name}" {
	130	deps = [ "users" "groups" ];
	131	text = ''
	132	install -m 0700 -o redis -g redis -d ${cfg.base}/${name}/redis
	133	install -m 0700 -o redis -g redis -d ${cfg.base}/${name}/redis_backup
	134	'';
	135	}) cfg.hosts;
	136
	137	systemd.services = {
	138	spiped_redis = { # For eldiron
	139	description = "Secure pipe 'redis'";
	140	after = [ "network.target" ];
	141	wantedBy = [ "multi-user.target" ];
	142
	143	serviceConfig = {
	144	Restart = "always";
	145	User = "spiped";
	146	PermissionsStartOnly = true;
	147	SupplementaryGroups = "keys";
	148	};
	149
	150	script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/redis.spec`";
	151	};
	152	} // lib.attrsets.mapAttrs' (name: hcfg:
	153	let
	154	dataDir = "${cfg.base}/${name}/redis";
	155	in
	156	lib.attrsets.nameValuePair "redis_backup_${name}" {
	157	description = "Redis replication for ${name}";
	158	wantedBy = [ "multi-user.target" ];
	159	after = [ "network.target" ];
	160	unitConfig.RequiresMountsFor = dataDir;
	161
	162	serviceConfig = {
da30ae4f	163	ExecStart = "${hcfg.package}/bin/redis-server ${config.secrets.fullPaths."redis_replication/${name}/config"}";
dded6699 IB	164	User = "redis";
	165	RuntimeDirectory = "redis_${name}";
	166	};
	167	}) cfg.hosts;
	168	};
	169	}
	170
	171