diff options
author | Julien Moutinho <julm+nixpkgs@sourcephile.fr> | 2021-08-23 19:57:49 +0200 |
---|---|---|
committer | tomberek <tomberek@users.noreply.github.com> | 2021-12-13 14:42:19 -0500 |
commit | 747555437232a73184e8eab6daae368047042709 (patch) | |
tree | e3a3fbb3576a8e158d6d9cb9aba48792ce5fb34d /nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | |
parent | f40283cf62305822fcae4d9c89b97ca7f036aee3 (diff) | |
download | nixpkgs-747555437232a73184e8eab6daae368047042709.tar nixpkgs-747555437232a73184e8eab6daae368047042709.tar.gz nixpkgs-747555437232a73184e8eab6daae368047042709.tar.bz2 nixpkgs-747555437232a73184e8eab6daae368047042709.tar.lz nixpkgs-747555437232a73184e8eab6daae368047042709.tar.xz nixpkgs-747555437232a73184e8eab6daae368047042709.tar.zst nixpkgs-747555437232a73184e8eab6daae368047042709.zip |
nixos/redis: enable multiple instances of redis-server
Diffstat (limited to 'nixos/doc/manual/from_md/release-notes/rl-2205.section.xml')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 29 |
1 files changed, 27 insertions, 2 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 144b277438a..2a65b2f11a8 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -87,7 +87,32 @@ </section> <section xml:id="sec-release-22.05-notable-changes"> <title>Other Notable Changes</title> - <para> - </para> + <itemizedlist spacing="compact"> + <listitem> + <para> + The option + <link linkend="opt-services.redis.servers">services.redis.servers</link> + was added to support per-application + <literal>redis-server</literal> which is more secure since + Redis databases are only mere key prefixes without any + configuration or ACL of their own. Backward-compatibility is + preserved by mapping old + <literal>services.redis.settings</literal> to + <literal>services.redis.servers."".settings</literal>, + but you are strongly encouraged to name each + <literal>redis-server</literal> instance after the application + using it, instead of keeping that nameless one. Except for the + nameless + <literal>services.redis.servers.""</literal> still + accessible at <literal>127.0.0.1:6379</literal>, and to the + members of the Unix group <literal>redis</literal> through the + Unix socket <literal>/run/redis/redis.sock</literal>, all + other <literal>services.redis.servers.${serverName}</literal> + are only accessible by default to the members of the Unix + group <literal>redis-${serverName}</literal> through the Unix + socket <literal>/run/redis-${serverName}/redis.sock</literal>. + </para> + </listitem> + </itemizedlist> </section> </section> |