summary refs log tree commit diff stats
path: root/system
diff options
context:
space:
mode:
authorAlan Pearce2024-11-27 19:45:28 +0100
committerAlan Pearce2024-11-27 19:45:28 +0100
commit70d04f125ec7cd5df5c94922fa5c80a1c8341db9 (patch)
treed6f14ec426d5ac41be3921f45650a289be4b075e /system
parentbd2f43382e6166e72ba86d18c1215d5dc509cdc3 (diff)
downloadnixfiles-70d04f125ec7cd5df5c94922fa5c80a1c8341db9.tar.lz
nixfiles-70d04f125ec7cd5df5c94922fa5c80a1c8341db9.tar.zst
nixfiles-70d04f125ec7cd5df5c94922fa5c80a1c8341db9.zip
linde: Add redis server for website
Diffstat (limited to 'system')
-rw-r--r--system/linde.nix16
1 files changed, 16 insertions, 0 deletions
diff --git a/system/linde.nix b/system/linde.nix
index bffa2645..482b5a3a 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -13,6 +13,7 @@ let
   net-gw = "172.31.1.1";
   net-ip6 = "2a01:4f8:c012:23a4::1";
   net-rdnsip = "2a01:4f8:c012:23a4::53";
+  net-redisip = "2a01:4f8:c012:23a4::6379";
   net-mask6 = "64";
   net-gw6 = "fe80::1";
   domain = "alanpearce.eu";
@@ -42,6 +43,7 @@ in
     binarycache.file = ../secrets/binarycache.age;
     dex.file = ../secrets/dex.age;
     powerdns.file = ../secrets/powerdns.age;
+    redis-website.file = ../secrets/redis-website.age;
     golink = let golink = config.services.golink; in {
       # hope this doesn't collide...
       path = "${golink.dataDir}/.config/tsnet-golink/auth.key";
@@ -162,6 +164,7 @@ in
       ${net-ip4} = [ "${hostname}.alanpearce.eu" hostname ];
       ${net-ip6} = [ "${hostname}.alanpearce.eu" hostname ];
       ${net-rdnsip} = [ "dns" ];
+      ${net-redisip} = [ "redis" ];
     };
     firewall = {
       enable = true;
@@ -219,6 +222,7 @@ in
         address = [
           "${net-ip6}/${net-mask6}"
           "${net-rdnsip}/${net-mask6}"
+          "${net-redisip}/${net-mask6}"
         ];
         addresses = [{
           Address = "${net-ip4}/${net-mask4}";
@@ -959,6 +963,18 @@ in
     Requires = [ "etcd.service" ];
   };
 
+  services.redis = {
+    servers = {
+      website = {
+        port = 6379;
+        bind = net-redisip;
+        openFirewall = true;
+        databases = 1;
+        maxclients = 6;
+        requirePassFile = config.age.secrets.redis-website.path;
+      };
+    };
+  };
 
   services.syncthing = {
     enable = true;