From 6e4f5f9aeed9403a5f7a35d65f2dc816e34e754d Mon Sep 17 00:00:00 2001 From: Naïm Favier Date: Mon, 28 Feb 2022 13:37:47 +0100 Subject: nixos/redis: bind on localhost by default --- nixos/modules/services/databases/redis.nix | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) (limited to 'nixos/modules/services/databases/redis.nix') diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index e0269a962fd..a1bd73c9e37 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -81,7 +81,9 @@ in { user = mkOption { type = types.str; default = redisName name; - defaultText = "\"redis\" or \"redis-\${name}\" if name != \"\""; + defaultText = literalExpression '' + if name == "" then "redis" else "redis-''${name}" + ''; description = "The username and groupname for redis-server."; }; @@ -105,8 +107,7 @@ in { bind = mkOption { type = with types; nullOr str; - default = if name == "" then "127.0.0.1" else null; - defaultText = literalExpression ''if name == "" then "127.0.0.1" else null''; + default = "127.0.0.1"; description = '' The IP interface to bind to. null means "all interfaces". @@ -117,7 +118,9 @@ in { unixSocket = mkOption { type = with types; nullOr path; default = "/run/${redisName name}/redis.sock"; - defaultText = "\"/run/redis/redis.sock\" or \"/run/redis-\${name}/redis.sock\" if name != \"\""; + defaultText = literalExpression '' + if name == "" then "/run/redis/redis.sock" else "/run/redis-''${name}/redis.sock" + ''; description = "The path to the socket to bind to."; }; @@ -370,7 +373,7 @@ in { ProtectKernelTunables = true; ProtectControlGroups = true; RestrictAddressFamilies = - optionals (conf.bind != null) ["AF_INET" "AF_INET6"] ++ + optionals (conf.port != 0) ["AF_INET" "AF_INET6"] ++ optional (conf.unixSocket != null) "AF_UNIX"; RestrictNamespaces = true; LockPersonality = true; -- cgit 1.4.1