Merge pull request #162214 from ncfavier/redis-bind-localhost

This commit is contained in:
Sandro 2022-03-08 12:38:39 +01:00 committed by GitHub
commit 0ffade9012
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -81,7 +81,9 @@ in {
user = mkOption {
type = types.str;
default = redisName name;
defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\"";
defaultText = literalExpression ''
if name == "" then "redis" else "redis-''${name}"
'';
description = "The username and groupname for redis-server.";
};
@ -105,8 +107,7 @@ in {
bind = mkOption {
type = with types; nullOr str;
default = if name == "" then "127.0.0.1" else null;
defaultText = literalExpression ''if name == "" then "127.0.0.1" else null'';
default = "127.0.0.1";
description = ''
The IP interface to bind to.
<literal>null</literal> means "all interfaces".
@ -117,7 +118,9 @@ in {
unixSocket = mkOption {
type = with types; nullOr path;
default = "/run/${redisName name}/redis.sock";
defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\"";
defaultText = literalExpression ''
if name == "" then "/run/redis/redis.sock" else "/run/redis-''${name}/redis.sock"
'';
description = "The path to the socket to bind to.";
};
@ -370,7 +373,7 @@ in {
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies =
optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++
optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
optional (conf.unixSocket != null) "AF_UNIX";
RestrictNamespaces = true;
LockPersonality = true;