redis service: Listen on localhost by default. Fixes #100192.
All other database servers in NixOS also use this safe-by-default setting.
This commit is contained in:
parent
c0f4be6652
commit
169ab0b89f
2 changed files with 11 additions and 3 deletions
|
@ -159,6 +159,11 @@
|
|||
to <package>nextcloud20</package>.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The setting <xref linkend="opt-services.redis.bind" /> defaults to <literal>127.0.0.1</literal> now, making Redis listen on the loopback interface only, and not all public network interfaces.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
NixOS now emits a deprecation warning if systemd's <literal>StartLimitInterval</literal> setting is used in a <literal>serviceConfig</literal> section instead of in a <literal>unitConfig</literal>; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See <link xlink:href="https://github.com/NixOS/nixpkgs/issues/45785">#45785</link> for details.
|
||||
|
|
|
@ -87,9 +87,12 @@ in
|
|||
|
||||
bind = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null; # All interfaces
|
||||
description = "The IP interface to bind to.";
|
||||
example = "127.0.0.1";
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
The IP interface to bind to.
|
||||
<literal>null</literal> means "all interfaces".
|
||||
'';
|
||||
example = "192.0.2.1";
|
||||
};
|
||||
|
||||
unixSocket = mkOption {
|
||||
|
|
Loading…
Reference in a new issue