redis service: add firewall and VM overcommit options

- Add vm.over_commit setting for background saving - Add openFirewall setting Closes #10193
2015-10-02 23:22:27 -07:00 · 2015-10-02 23:22:27 -07:00 · 3a1beb6347
parent 3e0943d5ba
commit 3a1beb6347
1 changed files with 24 additions and 0 deletions
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@ -68,6 +68,22 @@ in
        description = "The port for Redis to listen to.";
      };

+      vmOverCommit = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open ports in the firewall for the server.
+        '';
+      };
+
      bind = mkOption {
        type = with types; nullOr str;
        default = null; # All interfaces
@ -193,6 +209,14 @@ in

  config = mkIf config.services.redis.enable {

+    boot.kernel.sysctl = mkIf cfg.vmOverCommit {
+      "vm.overcommit_memory" = "1";
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+
    users.extraUsers.redis =
      { name = cfg.user;
        uid = config.ids.uids.redis;