Move secrets to flakes

[perso/Immae/Config/Nix.git] / modules / private / databases / redis.nix

diff --git a/modules/private/databases/redis.nix b/modules/private/databases/redis.nix
index 693f40261627d7b1cdba473446de86257c823525..5c5b8b032dac4ba58a907204d3c3967538e4ea15 100644 (file)
--- a/modules/private/databases/redis.nix
+++ b/modules/private/databases/redis.nix
@@ -1,4 +1,4 @@
-{ lib, config, pkgs, myconfig, ... }:
+{ lib, config, pkgs, ... }:
 let
     cfg = config.myServices.databases.redis;
 in {
@@ -17,16 +17,6 @@ in {
         '';
     };
     # Output variables
-    systemdRuntimeDirectory = lib.mkOption {
-      type = lib.types.str;
-      # Use ReadWritePaths= instead if socketsDir is outside of /run
-      default = assert lib.strings.hasPrefix "/run/" cfg.socketsDir;
-        lib.strings.removePrefix "/run/" cfg.socketsDir;
-      description = ''
-      Adjusted redis sockets directory for systemd
-      '';
-      readOnly = true;
-    };
     sockets = lib.mkOption {
       type = lib.types.attrsOf lib.types.path;
       default = {
@@ -51,7 +41,7 @@ in {
         maxclients 1024
         '';
     };
-    systemd.services.redis.serviceConfig.RuntimeDirectory = cfg.systemdRuntimeDirectory;
+    systemd.services.redis.serviceConfig.Slice = "redis.slice";
 
     services.spiped = {
       enable = true;
@@ -59,7 +49,7 @@ in {
         decrypt = true;
         source = "0.0.0.0:16379";
         target = "/run/redis/redis.sock";
-        keyfile = "${config.secrets.location}/redis/spiped_keyfile";
+        keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
       };
     };
     systemd.services.spiped_redis = {
@@ -68,8 +58,9 @@ in {
       wantedBy = [ "multi-user.target" ];
 
       serviceConfig = {
-        Restart   = "always";
-        User      = "spiped";
+        Slice = "redis.slice";
+        Restart = "always";
+        User = "spiped";
         PermissionsStartOnly = true;
         SupplementaryGroups = "keys";
       };
@@ -79,7 +70,7 @@ in {
 
     services.filesWatcher.predixy = {
       restart = true;
-      paths = [ "${config.secrets.location}/redis/predixy.conf" ];
+      paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
     };
 
     networking.firewall.allowedTCPPorts = [ 7617 16379 ];
@@ -96,7 +87,7 @@ in {
           WorkerThreads 1
 
           Authority {
-              Auth "${myconfig.env.databases.redis.predixy.read}" {
+              Auth "${config.myEnv.databases.redis.predixy.read}" {
                   Mode read
               }
           }
@@ -105,7 +96,7 @@ in {
             Databases 16
             RefreshMethod fixed
             Group shard001 {
-              + ${myconfig.env.databases.redis.socket}
+              + ${config.myEnv.databases.redis.socket}
             }
           }
           '';
@@ -115,22 +106,27 @@ in {
         user = "spiped";
         group = "spiped";
         permissions = "0400";
-        text = myconfig.env.databases.redis.spiped_key;
+        text = config.myEnv.databases.redis.spiped_key;
       }
     ];
 
+    systemd.slices.redis = {
+      description = "Redis slice";
+    };
+
     systemd.services.predixy = {
       description = "Redis proxy";
       wantedBy = [ "multi-user.target" ];
       after = [ "redis.service" ];
 
       serviceConfig = {
+        Slice = "redis.slice";
         User = "redis";
         Group = "redis";
         SupplementaryGroups = "keys";
         Type = "simple";
 
-        ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.location}/redis/predixy.conf";
+        ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";
       };
 
     };