nixos/redis: bind on localhost by default

author: Naïm Favier <n@monade.li> 2022-02-28 13:37:47 +0100
committer: Naïm Favier <n@monade.li> 2022-02-28 13:37:47 +0100
commit: 6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d (patch)
tree: 9f0a227a76b1b8ff61c4e4cc99f577c22aaf8f4c /nixos/modules/services/databases/redis.nix
parent: 21968db378c9144f418c1e8e7002316aa8b75776 (diff)
download: nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar
nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.gz
nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.bz2
nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.lz
nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.xz
nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.zst
nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.zip
1 files changed, 8 insertions, 5 deletions
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index e0269a962fd..a1bd73c9e37 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -81,7 +81,9 @@ in {
             user = mkOption {
               type = types.str;
               default = redisName name;
-              defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\"";
+              defaultText = literalExpression ''
+                if name == "" then "redis" else "redis-''${name}"
+              '';
               description = "The username and groupname for redis-server.";
             };
 
@@ -105,8 +107,7 @@ in {
 
             bind = mkOption {
               type = with types; nullOr str;
-              default = if name == "" then "127.0.0.1" else null;
-              defaultText = literalExpression ''if name == "" then "127.0.0.1" else null'';
+              default = "127.0.0.1";
               description = ''
                 The IP interface to bind to.
                 <literal>null</literal> means "all interfaces".
@@ -117,7 +118,9 @@ in {
             unixSocket = mkOption {
               type = with types; nullOr path;
               default = "/run/${redisName name}/redis.sock";
-              defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\"";
+              defaultText = literalExpression ''
+                if name == "" then "/run/redis/redis.sock" else "/run/redis-''${name}/redis.sock"
+              '';
               description = "The path to the socket to bind to.";
             };
 
@@ -370,7 +373,7 @@ in {
         ProtectKernelTunables = true;
         ProtectControlGroups = true;
         RestrictAddressFamilies =
-          optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++
+          optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++
           optional (conf.unixSocket != null) "AF_UNIX";
         RestrictNamespaces = true;
         LockPersonality = true;
author	Naïm Favier <n@monade.li>	2022-02-28 13:37:47 +0100
committer	Naïm Favier <n@monade.li>	2022-02-28 13:37:47 +0100
commit	6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d (patch)
tree	9f0a227a76b1b8ff61c4e4cc99f577c22aaf8f4c /nixos/modules/services/databases/redis.nix
parent	21968db378c9144f418c1e8e7002316aa8b75776 (diff)
download	nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.gz nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.bz2 nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.lz nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.xz nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.tar.zst nixpkgs-6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d.zip