diff options
author | talyz <kim.lindberger@gmail.com> | 2022-10-04 14:52:12 +0200 |
---|---|---|
committer | Yureka <yuka@yuka.dev> | 2022-10-09 08:12:19 +0200 |
commit | 3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a (patch) | |
tree | d8b31819b328d71f4702dd3697584fda1d38bc5d /nixos/modules/services/misc | |
parent | 843082eb3af6a453b3aeb6c3c6724e508aa44478 (diff) | |
download | nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.tar nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.tar.gz nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.tar.bz2 nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.tar.lz nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.tar.xz nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.tar.zst nixpkgs-3dedfb3fa03c5a4eda64bdb1dfd9a39fa587bc8a.zip |
nixos/gitlab: Connect to redis through a unix socket by default
This gives us slightly higher security as you have to be in the gitlab group to connect, and possibly a (very small) performance benefit as well.
Diffstat (limited to 'nixos/modules/services/misc')
-rw-r--r-- | nixos/modules/services/misc/gitlab.nix | 18 |
1 files changed, 6 insertions, 12 deletions
diff --git a/nixos/modules/services/misc/gitlab.nix b/nixos/modules/services/misc/gitlab.nix index 98d822c19de..60d7df08c05 100644 --- a/nixos/modules/services/misc/gitlab.nix +++ b/nixos/modules/services/misc/gitlab.nix @@ -91,13 +91,6 @@ let repos_path = "${cfg.statePath}/repositories"; secret_file = "${cfg.statePath}/gitlab_shell_secret"; log_file = "${cfg.statePath}/log/gitlab-shell.log"; - redis = { - bin = "${pkgs.redis}/bin/redis-cli"; - host = "127.0.0.1"; - port = config.services.redis.servers.gitlab.port; - database = 0; - namespace = "resque:gitlab"; - }; }; redisConfig.production.url = cfg.redisUrl; @@ -481,9 +474,9 @@ in { redisUrl = mkOption { type = types.str; - default = "redis://localhost:${toString config.services.redis.servers.gitlab.port}/"; - defaultText = literalExpression ''redis://localhost:''${toString config.services.redis.servers.gitlab.port}/''; - description = lib.mdDoc "Redis URL for all GitLab services except gitlab-shell"; + default = "unix:/run/gitlab/redis.sock"; + example = "redis://localhost:6379/"; + description = lib.mdDoc "Redis URL for all GitLab services."; }; extraGitlabRb = mkOption { @@ -1018,8 +1011,9 @@ in { # Redis is required for the sidekiq queue runner. services.redis.servers.gitlab = { enable = mkDefault true; - port = mkDefault 31636; - bind = mkDefault "127.0.0.1"; + user = mkDefault cfg.user; + unixSocket = mkDefault "/run/gitlab/redis.sock"; + unixSocketPerm = mkDefault 770; }; # We use postgres as the main data store. |