From ebb621c0d4f3c5f02df014898006f68e7dadb552 Mon Sep 17 00:00:00 2001 From: Alan Pearce Date: Wed, 27 Nov 2024 21:02:08 +0100 Subject: linde: enable redis for website --- system/linde.nix | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) (limited to 'system/linde.nix') diff --git a/system/linde.nix b/system/linde.nix index 482b5a3a..a02e0c9b 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -177,6 +177,7 @@ in 443 53 853 + 6379 9418 6922 ]; @@ -631,6 +632,9 @@ in certs."stats.alanpearce.eu" = { extraDomainNames = [ "*.stats.alanpearce.eu" ]; }; + certs."redis.alanpearce.eu" = { + group = "redis-website"; + }; }; users.groups.acme.members = [ "caddy" @@ -964,14 +968,21 @@ in }; services.redis = { + enable = true; servers = { website = { - port = 6379; + enable = true; + port = 0; bind = net-redisip; - openFirewall = true; databases = 1; maxclients = 6; requirePassFile = config.age.secrets.redis-website.path; + settings = { + tls-port = 6379; + tls-cert-file = "/var/lib/acme/redis.alanpearce.eu/cert.pem"; + tls-key-file = "/var/lib/acme/redis.alanpearce.eu/key.pem"; + tla-ca-cert-file = "/etc/ssl/certs/ca-certificates.crt"; + }; }; }; }; -- cgit 1.4.1