c9c8a2c5b3
before: - /var/run/memcached is a bad default for a socket path, since its parent directory must be writeable by memcached. - Socket directory was not created by the module itself -> this was left as a burden to the user? - Having a static uid with a dynamic user name is not very useful. after: - Replace services.memcached.socket by a boolean flag. This simplifies our code, since we do not have to check if the user specifies a path with a parent directory that should be owned by memcached (/run/memcached/memcached.sock -> /run/memcached). - Remove fixed uid/gid allocation. The only file ever owned by the daemon is the socket that will be recreated on every start. Therefore user and group ids do not need to be static. - only create the memcached user, if the user has not specified a different one. The major use case for changing option is to allow existing services (such as php-fpm) opening the local unix socket. If we would unconditionally create a user that option would be useless.
103 lines
2.5 KiB
Nix
103 lines
2.5 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
cfg = config.services.memcached;
|
|
|
|
memcached = pkgs.memcached;
|
|
|
|
in
|
|
|
|
{
|
|
|
|
###### interface
|
|
|
|
options = {
|
|
|
|
services.memcached = {
|
|
|
|
enable = mkOption {
|
|
default = false;
|
|
description = "
|
|
Whether to enable Memcached.
|
|
";
|
|
};
|
|
|
|
user = mkOption {
|
|
default = "memcached";
|
|
description = "The user to run Memcached as";
|
|
};
|
|
|
|
listen = mkOption {
|
|
default = "127.0.0.1";
|
|
description = "The IP address to bind to";
|
|
};
|
|
|
|
port = mkOption {
|
|
default = 11211;
|
|
description = "The port to bind to";
|
|
};
|
|
|
|
enableUnixSocket = mkEnableOption "unix socket at /run/memcached/memcached.sock";
|
|
|
|
maxMemory = mkOption {
|
|
default = 64;
|
|
description = "The maximum amount of memory to use for storage, in megabytes.";
|
|
};
|
|
|
|
maxConnections = mkOption {
|
|
default = 1024;
|
|
description = "The maximum number of simultaneous connections";
|
|
};
|
|
|
|
extraOptions = mkOption {
|
|
default = [];
|
|
description = "A list of extra options that will be added as a suffix when running memcached";
|
|
};
|
|
};
|
|
|
|
};
|
|
|
|
###### implementation
|
|
|
|
config = mkIf config.services.memcached.enable {
|
|
|
|
users.extraUsers = optional (cfg.user == "memcached") {
|
|
name = "memcached";
|
|
description = "Memcached server user";
|
|
};
|
|
|
|
environment.systemPackages = [ memcached ];
|
|
|
|
systemd.services.memcached = {
|
|
description = "Memcached server";
|
|
|
|
wantedBy = [ "multi-user.target" ];
|
|
after = [ "network.target" ];
|
|
|
|
serviceConfig = {
|
|
PermissionsStartOnly = true;
|
|
ExecStartPre = optionals cfg.enableUnixSocket [
|
|
"${pkgs.coreutils}/bin/install -d -o ${cfg.user} /run/memcached/"
|
|
"${pkgs.coreutils}/bin/chown -R ${cfg.user} /run/memcached/"
|
|
];
|
|
ExecStart =
|
|
let
|
|
networking = if cfg.enableUnixSocket
|
|
then "-s /run/memcached/memcached.sock"
|
|
else "-l ${cfg.listen} -p ${toString cfg.port}";
|
|
in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
|
|
|
|
User = cfg.user;
|
|
};
|
|
};
|
|
};
|
|
imports = [
|
|
(mkRemovedOptionModule ["services" "memcached" "socket"] ''
|
|
This option was replaced by a fixed unix socket path at /run/memcached/memcached.sock enabled using services.memached.enableUnixSocket.
|
|
'')
|
|
];
|
|
|
|
}
|