nixos/redis: add test for unix socket access

This adds a test to check if the unix socket is available to the `redis` group
added in #90027.

1 files changed, 24 insertions, 3 deletions

diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix
index 529965d7acd..f51bb029d64 100644
--- a/nixos/tests/redis.nix
+++ b/nixos/tests/redis.nix
@@ -1,4 +1,8 @@
-import ./make-test-python.nix ({ pkgs, ...} : {
+import ./make-test-python.nix ({ pkgs, ... }:
+let
+  redisSocket = "/run/redis/redis.sock";
+in
+{
   name = "redis";
   meta = with pkgs.stdenv.lib.maintainers; {
     maintainers = [ flokli ];
@@ -10,7 +14,20 @@ import ./make-test-python.nix ({ pkgs, ...} : {
 
       {
         services.redis.enable = true;
-        services.redis.unixSocket = "/run/redis/redis.sock";
+        services.redis.unixSocket = redisSocket;
+
+        # Allow access to the unix socket for the "redis" group.
+        services.redis.settings.unixsocketperm = "770";
+
+        users.users."member" = {
+          createHome = false;
+          description = "A member of the redis group";
+          extraGroups = [
+            "redis"
+          ];
+          group = "users";
+          shell = "/bin/sh";
+        };
       };
   };
 
@@ -18,7 +35,11 @@ import ./make-test-python.nix ({ pkgs, ...} : {
     start_all()
     machine.wait_for_unit("redis")
     machine.wait_for_open_port("6379")
+
+    # The unix socket is accessible to the redis group
+    machine.succeed('su member -c "redis-cli ping | grep PONG"')
+
     machine.succeed("redis-cli ping | grep PONG")
-    machine.succeed("redis-cli -s /run/redis/redis.sock ping | grep PONG")
+    machine.succeed("redis-cli -s ${redisSocket} ping | grep PONG")
   '';
 })