From 1a64deeb894dc95e2645a75771732c6cc53a79ad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Isma=C3=ABl=20Bouya?=
Date: Wed, 4 Oct 2023 01:35:06 +0200
Subject: Squash changes containing private information There were a lot of changes since the previous commit, but a lot of them contained personnal information about users. All thos changes got stashed into a single commit (history is kept in a different place) and private information was moved in a separate private repository
---
modules/private/databases/redis.nix | 133 ------------------------------------
1 file changed, 133 deletions(-)
delete mode 100644 modules/private/databases/redis.nix
(limited to 'modules/private/databases/redis.nix')
diff --git a/modules/private/databases/redis.nix b/modules/private/databases/redis.nix
deleted file mode 100644
index 685fa46..0000000
--- a/modules/private/databases/redis.nix
+++ /dev/null
@@ -1,133 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
- cfg = config.myServices.databases.redis;
-in {
- options.myServices.databases.redis = {
- enable = lib.mkOption {
- default = false;
- example = true;
- description = "Whether to enable redis database";
- type = lib.types.bool;
- };
- socketsDir = lib.mkOption {
- type = lib.types.path;
- default = "/run/redis";
- description = ''
- The directory where Redis puts sockets.
- '';
- };
- # Output variables
- sockets = lib.mkOption {
- type = lib.types.attrsOf lib.types.path;
- default = {
- redis = "${cfg.socketsDir}/redis.sock";
- };
- readOnly = true;
- description = ''
- Redis sockets
- '';
- };
- };
-
- config = lib.mkIf cfg.enable {
- users.users.redis.uid = config.ids.uids.redis;
- users.groups.redis.gid = config.ids.gids.redis;
- services.redis = rec {
- enable = true;
- bind = "127.0.0.1";
- unixSocket = cfg.sockets.redis;
- extraConfig = ''
- unixsocketperm 777
- maxclients 1024
- '';
- };
- systemd.services.redis.serviceConfig.Slice = "redis.slice";
-
- services.spiped = {
- enable = true;
- config.redis = {
- decrypt = true;
- source = "0.0.0.0:16379";
- target = "/run/redis/redis.sock";
- keyfile = config.secrets.fullPaths."redis/spiped_keyfile";
- };
- };
- systemd.services.spiped_redis = {
- description = "Secure pipe 'redis'";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Slice = "redis.slice";
- Restart = "always";
- User = "spiped";
- PermissionsStartOnly = true;
- SupplementaryGroups = "keys";
- };
-
- script = "exec ${pkgs.spiped}/bin/spiped -F `cat /etc/spiped/redis.spec`";
- };
-
- services.filesWatcher.predixy = {
- restart = true;
- paths = [ config.secrets.fullPaths."redis/predixy.conf" ];
- };
-
- networking.firewall.allowedTCPPorts = [ 7617 16379 ];
- secrets.keys = {
- "redis/predixy.conf" = {
- user = "redis";
- group = "redis";
- permissions = "0400";
- text = ''
- Name Predixy
- Bind 127.0.0.1:7617
- ClientTimeout 300
- WorkerThreads 1
-
- Authority {
- Auth "${config.myEnv.databases.redis.predixy.read}" {
- Mode read
- }
- }
-
- StandaloneServerPool {
- Databases 16
- RefreshMethod fixed
- Group shard001 {
- + ${config.myEnv.databases.redis.socket}
- }
- }
- '';
- };
- "redis/spiped_keyfile" = {
- user = "spiped";
- group = "spiped";
- permissions = "0400";
- text = config.myEnv.databases.redis.spiped_key;
- };
- };
-
- systemd.slices.redis = {
- description = "Redis slice";
- };
-
- systemd.services.predixy = {
- description = "Redis proxy";
- wantedBy = [ "multi-user.target" ];
- after = [ "redis.service" ];
-
- serviceConfig = {
- Slice = "redis.slice";
- User = "redis";
- Group = "redis";
- SupplementaryGroups = "keys";
- Type = "simple";
-
- ExecStart = "${pkgs.predixy}/bin/predixy ${config.secrets.fullPaths."redis/predixy.conf"}";
- };
-
- };
- };
-}
-
--
cgit v1.2.3