authorAlan Pearce2024-11-27 21:02:08 +0100
committerAlan Pearce2024-11-27 21:02:08 +0100
commitebb621c0d4f3c5f02df014898006f68e7dadb552 (patch)
tree6d5344468892a2c9a7332ccb5ce314accc67735c
parent162d4d2468aeb53685da1ff07419c2b77820e59b (diff)
downloadnixfiles-ebb621c0d4f3c5f02df014898006f68e7dadb552.tar.lz
nixfiles-ebb621c0d4f3c5f02df014898006f68e7dadb552.tar.zst
nixfiles-ebb621c0d4f3c5f02df014898006f68e7dadb552.zip
linde: enable redis for website
-rw-r--r--system/linde.nix15
1 files changed, 13 insertions, 2 deletions
diff --git a/system/linde.nix b/system/linde.nix
index 482b5a3a..a02e0c9b 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -177,6 +177,7 @@ in
         443
         53
         853
+        6379
         9418
         6922
       ];
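Review bot: The list that this `6379` entry joins is named outside the hunk; if it is the firewall's global allowed TCP ports, the Redis TLS listener accepts connections from any source address, even though the server binds only to `net-redisip`. If the website clients arrive over a known interface, scoping the rule with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 6379 ];` keeps unrelated networks from reaching the password prompt at all. At minimum, a trailing `# redis (TLS), see services.redis.servers.website` comment would tie the bare number to the service now that `openFirewall` has been removed.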
@@ -631,6 +632,9 @@ in
     certs."stats.alanpearce.eu" = {
       extraDomainNames = [ "*.stats.alanpearce.eu" ];
     };
+    certs."redis.alanpearce.eu" = {
+      group = "redis-website";
+    };
   };
   users.groups.acme.members = [
     "caddy"
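Review bot: Nothing in this cert entry restarts Redis when the certificate renews, and Redis reads `tls-cert-file` and `tls-key-file` at startup, so the listener will likely keep serving the old certificate until it expires. Assuming this block is `security.acme.certs`, adding `reloadServices = [ "redis-website.service" ];` next to `group` would cover it; the unit name is inferred from the server name `website` and should be confirmed. The dedicated `group = "redis-website"`, rather than adding the Redis user to the shared `acme` group just below, limits which private keys Redis can read and deserves a one-line comment saying so.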
@@ -964,14 +968,21 @@ in
   };
 
   services.redis = {
+    enable = true;
     servers = {
       website = {
-        port = 6379;
+        enable = true;
+        port = 0;
         bind = net-redisip;
-        openFirewall = true;
         databases = 1;
         maxclients = 6;
         requirePassFile = config.age.secrets.redis-website.path;
+        settings = {
+          tls-port = 6379;
+          tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem";
+          tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem";
+          tla-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt";
+        };
       };
     };
   };
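Review bot: `tla-ca-cert-file` in the new `settings` block is a typo for `tls-ca-cert-file`; Redis rejects unknown configuration directives, so as written the server will most likely fail to start. Change the line to `tls-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt";`. Once corrected, note that Redis defaults to `tls-auth-clients yes`, so clients must present a certificate, and validating it against the public CA bundle accepts any publicly issued certificate, which is not meaningful client authentication. Either set `tls-auth-clients = "no";` explicitly and rely on `requirePassFile`, or point the CA file at a private CA that issues only your own client certificates.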