all repos — nixfiles @ ebb621c0d4f3c5f02df014898006f68e7dadb552

System and user configuration, managed by nix and home-manager

linde: enable redis for website

Alan Pearce
commit

ebb621c0d4f3c5f02df014898006f68e7dadb552

parent

162d4d2468aeb53685da1ff07419c2b77820e59b

1 file changed, 13 insertions(+), 2 deletions(-)

jump to
M system/linde.nixsystem/linde.nix
@@ -177,6 +177,7 @@ 80
443 53 853 + 6379 9418 6922 ];
@@ -631,6 +632,9 @@ };
certs."stats.alanpearce.eu" = { extraDomainNames = [ "*.stats.alanpearce.eu" ]; }; + certs."redis.alanpearce.eu" = { + group = "redis-website"; + }; }; users.groups.acme.members = [ "caddy"
@@ -964,14 +968,21 @@ Requires = [ "etcd.service" ];
}; services.redis = { + enable = true; servers = { website = { - port = 6379; + enable = true; + port = 0; bind = net-redisip; - openFirewall = true; databases = 1; maxclients = 6; requirePassFile = config.age.secrets.redis-website.path; + settings = { + tls-port = 6379; + tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem"; + tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem"; + tla-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt"; + }; }; }; };