BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos/redis: bind on localhost by default

Browse source
This commit is contained in:
Naïm Favier 2022-02-28 13:37:47 +01:00
parent 21968db378
commit 6e4f5f9aee
No known key found for this signature in database
GPG key ID: 49B07322580B7EE2
1 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/services/databases/redis.nix
View file

@ -81,7 +81,9 @@ in {
user = mkOption {
type = types.str;
default = redisName name;
defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\"";
defaultText = literalExpression ''
if name == "" then "redis" else "redis-''${name}"
'';
description = "The username and groupname for redis-server.";
};
@ -105,8 +107,7 @@ in {
bind = mkOption {
type = with types; nullOr str;
default = if name == "" then "127.0.0.1" else null;
defaultText = literalExpression ''if name == "" then "127.0.0.1" else null'';
default = "127.0.0.1";
description = ''
The IP interface to bind to.
<literal>null</literal> means "all interfaces".
@ -117,7 +118,9 @@ in {
unixSocket = mkOption {
type = with types; nullOr path;
default = "/run/${redisName name}/redis.sock";
defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\"";
defaultText = literalExpression ''
if name == "" then "/run/redis/redis.sock" else "/run/redis-''${name}/redis.sock"
'';
description = "The path to the socket to bind to.";
};
@ -370,7 +373,7 @@ in {
ProtectKernelTunables = true;
ProtectControlGroups = true;
RestrictAddressFamilies =
optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++
optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
optional (conf.unixSocket != null) "AF_UNIX";
RestrictNamespaces = true;
LockPersonality = true;