nixos/redis: store config in state directory

this is needed because certain redis features, like sentinel, require
the config file to be persistent
This commit is contained in:
ajs124 2022-11-09 02:35:39 +01:00
parent 168ad716e0
commit bc4e9a890c
3 changed files with 27 additions and 10 deletions

View file

@ -1189,6 +1189,13 @@ signald -d /var/lib/signald/db \
will be removed once the transition to CommonMark is complete. will be removed once the transition to CommonMark is complete.
</para> </para>
</listitem> </listitem>
<listitem>
<para>
The redis module now persists each instances configuration
file in the state directory, in order to support some more
advanced use cases like sentinel.
</para>
</listitem>
<listitem> <listitem>
<para> <para>
The udisks2 service, available at The udisks2 service, available at

View file

@ -362,6 +362,8 @@ Available as [services.patroni](options.html#opt-services.patroni.enable).
- The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete. - The `documentation.nixos.options.allowDocBook` option was added to ease the transition to CommonMark option documentation. Setting this option to `false` causes an error for every option included in the manual that uses DocBook documentation; it defaults to `true` to preserve the previous behavior and will be removed once the transition to CommonMark is complete.
- The redis module now persists each instance's configuration file in the state directory, in order to support some more advanced use cases like sentinel.
- The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed. - The udisks2 service, available at `services.udisks2.enable`, is now disabled by default. It will automatically be enabled through services and desktop environments as needed.
This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it. This also means that polkit will now actually be disabled by default. The default for `security.polkit.enable` was already flipped in the previous release, but udisks2 being enabled by default re-enabled it.

View file

@ -347,16 +347,24 @@ in {
after = [ "network.target" ]; after = [ "network.target" ];
serviceConfig = { serviceConfig = {
ExecStart = "${cfg.package}/bin/redis-server /run/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
ExecStartPre = [("+"+pkgs.writeShellScript "${redisName name}-credentials" ('' ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let
install -o '${conf.user}' -m 600 ${redisConfig conf.settings} /run/${redisName name}/redis.conf redisConfVar = "/var/lib/${redisName name}/redis.conf";
'' + optionalString (conf.requirePassFile != null) '' redisConfRun = "/run/${redisName name}/nixos.conf";
{ redisConfStore = redisConfig conf.settings;
printf requirePass' ' in ''
cat ${escapeShellArg conf.requirePassFile} touch "${redisConfVar}" "${redisConfRun}"
} >>/run/${redisName name}/redis.conf chown '${conf.user}' "${redisConfVar}" "${redisConfRun}"
'') chmod 0600 "${redisConfVar}" "${redisConfRun}"
)]; if [ ! -s ${redisConfVar} ]; then
echo 'include "${redisConfRun}"' > "${redisConfVar}"
fi
echo 'include "${redisConfStore}"' > "${redisConfRun}"
${optionalString (conf.requirePassFile != null) ''
{echo -n "requirepass "
cat ${escapeShellArg conf.requirePassFile}} >> "${redisConfRun}"
''}
'');
Type = "notify"; Type = "notify";
# User and group # User and group
User = conf.user; User = conf.user;