linde: enable redis for website
Alan Pearce alan@alanpearce.eu
Wed, 27 Nov 2024 21:02:08 +0100
1 files changed, 13 insertions(+), 2 deletions(-)
jump to
M system/linde.nix → system/linde.nix
@@ -177,6 +177,7 @@ 80 443 53 853 + 6379 9418 6922 ]; @@ -631,6 +632,9 @@ }; certs."stats.alanpearce.eu" = { extraDomainNames = [ "*.stats.alanpearce.eu" ]; }; + certs."redis.alanpearce.eu" = { + group = "redis-website"; + }; }; users.groups.acme.members = [ "caddy" @@ -964,14 +968,21 @@ Requires = [ "etcd.service" ]; }; services.redis = { + enable = true; servers = { website = { - port = 6379; + enable = true; + port = 0; bind = net-redisip; - openFirewall = true; databases = 1; maxclients = 6; requirePassFile = config.age.secrets.redis-website.path; + settings = { + tls-port = 6379; + tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem"; + tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem"; + tla-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt"; + }; }; }; };