keydb: init at 6.3.4

author: Simon Hauser <simon.hauser@helsinki-systems.de> 2024-04-05 12:40:34 +0200
committer: Simon Hauser <simon.hauser@helsinki-systems.de> 2024-04-11 10:47:07 +0200
commit: b3642388fe18aefb168d9d6cb7365ce17ca3a6da (patch)
tree: 644734cb544d621ed0f60208db4654bbc5fd3b7d /nixos/modules/services/databases
parent: 3541c7628de9414f999ced044c95a284584f4ec1 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 2e644895a260..fe2d75fc53a9 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -338,7 +338,7 @@ in {
       after = [ "network.target" ];
 
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
+        ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
         ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let
           redisConfVar = "/var/lib/${redisName name}/redis.conf";
           redisConfRun = "/run/${redisName name}/nixos.conf";
@@ -391,7 +391,8 @@ in {
         RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
         RestrictNamespaces = true;
         LockPersonality = true;
-        MemoryDenyWriteExecute = true;
+        # we need to disable MemoryDenyWriteExecute for keydb
+        MemoryDenyWriteExecute = cfg.package.pname != "keydb";
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
         PrivateMounts = true;
author	Simon Hauser <simon.hauser@helsinki-systems.de>	2024-04-05 12:40:34 +0200
committer	Simon Hauser <simon.hauser@helsinki-systems.de>	2024-04-11 10:47:07 +0200
commit	b3642388fe18aefb168d9d6cb7365ce17ca3a6da (patch)
tree	644734cb544d621ed0f60208db4654bbc5fd3b7d /nixos/modules/services/databases
parent	3541c7628de9414f999ced044c95a284584f4ec1 (diff)