movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-19 16:09:19 +03:00
Code Activity

Merge pull request #162214 from ncfavier/redis-bind-localhost

Browse source
This commit is contained in:
Sandro 2022-03-08 12:38:39 +01:00 committed by GitHub
commit 0ffade9012
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/services/databases/redis.nix
View file

@ -81,7 +81,9 @@ in {
user = mkOption { user = mkOption {
type = types.str; type = types.str;
default = redisName name; default = redisName name;
defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\""; defaultText = literalExpression ''
if name == "" then "redis" else "redis-''${name}"
'';
description = "The username and groupname for redis-server."; description = "The username and groupname for redis-server.";
}; };
@ -105,8 +107,7 @@ in {
bind = mkOption { bind = mkOption {
type = with types; nullOr str; type = with types; nullOr str;
default = if name == "" then "127.0.0.1" else null; default = "127.0.0.1";
defaultText = literalExpression ''if name == "" then "127.0.0.1" else null'';
description = '' description = ''
The IP interface to bind to. The IP interface to bind to.
<literal>null</literal> means "all interfaces". <literal>null</literal> means "all interfaces".
@ -117,7 +118,9 @@ in {
unixSocket = mkOption { unixSocket = mkOption {
type = with types; nullOr path; type = with types; nullOr path;
default = "/run/${redisName name}/redis.sock"; default = "/run/${redisName name}/redis.sock";
defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\""; defaultText = literalExpression ''
if name == "" then "/run/redis/redis.sock" else "/run/redis-''${name}/redis.sock"
'';
description = "The path to the socket to bind to."; description = "The path to the socket to bind to.";
}; };
@ -370,7 +373,7 @@ in {
ProtectKernelTunables = true; ProtectKernelTunables = true;
ProtectControlGroups = true; ProtectControlGroups = true;
RestrictAddressFamilies = RestrictAddressFamilies =
optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++ optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
optional (conf.unixSocket != null) "AF_UNIX"; optional (conf.unixSocket != null) "AF_UNIX";
RestrictNamespaces = true; RestrictNamespaces = true;
LockPersonality = true; LockPersonality = true;