all repos — nixfiles @ ebb621c0d4f3c5f02df014898006f68e7dadb552

System and user configuration, managed by nix and home-manager

linde: enable redis for website

Alan Pearce
commit

ebb621c0d4f3c5f02df014898006f68e7dadb552

parent

162d4d2468aeb53685da1ff07419c2b77820e59b

1 file changed, 13 insertions(+), 2 deletions(-)

jump to
M system/linde.nixsystem/linde.nix
@@ -177,6 +177,7 @@ 80
         443
         53
         853
+        6379
         9418
         6922
       ];

@@ -631,6 +632,9 @@ };
     certs."stats.alanpearce.eu" = {
       extraDomainNames = [ "*.stats.alanpearce.eu" ];
     };
+    certs."redis.alanpearce.eu" = {
+      group = "redis-website";
+    };
   };
   users.groups.acme.members = [
     "caddy"

@@ -964,14 +968,21 @@ Requires = [ "etcd.service" ];
   };
 
   services.redis = {
+    enable = true;
     servers = {
       website = {
-        port = 6379;
+        enable = true;
+        port = 0;
         bind = net-redisip;
-        openFirewall = true;
         databases = 1;
         maxclients = 6;
         requirePassFile = config.age.secrets.redis-website.path;
+        settings = {
+          tls-port = 6379;
+          tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem";
+          tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem";
+          tla-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt";
+        };
       };
     };
   };