Merge pull request #301804 from helsinki-systems/init/keydb

keydb: init at 6.3.4

2 files changed, 83 insertions, 39 deletions

diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 2e644895a260..fe2d75fc53a9 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -338,7 +338,7 @@ in {
       after = [ "network.target" ];
 
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
+        ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
         ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let
           redisConfVar = "/var/lib/${redisName name}/redis.conf";
           redisConfRun = "/run/${redisName name}/nixos.conf";
@@ -391,7 +391,8 @@ in {
         RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
         RestrictNamespaces = true;
         LockPersonality = true;
-        MemoryDenyWriteExecute = true;
+        # we need to disable MemoryDenyWriteExecute for keydb
+        MemoryDenyWriteExecute = cfg.package.pname != "keydb";
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
         PrivateMounts = true;
diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix
index 94b50d07be6d..6c84701c9c0a 100644
--- a/nixos/tests/redis.nix
+++ b/nixos/tests/redis.nix
@@ -1,44 +1,87 @@
-import ./make-test-python.nix ({ pkgs, lib, ... }:
 {
-  name = "redis";
-  meta.maintainers = with lib.maintainers; [ flokli ];
-
-  nodes = {
-    machine =
-      { pkgs, lib, ... }:
-
-      {
-        services.redis.servers."".enable = true;
-        services.redis.servers."test".enable = true;
-
-        users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" {
-          createHome = false;
-          description = "A member of the redis${suffix} group";
-          isNormalUser = true;
-          extraGroups = [ "redis${suffix}" ];
-        }) ["" "-test"]);
-      };
+  system ? builtins.currentSystem,
+  config ? { },
+  pkgs ? import ../../.. { inherit system config; },
+
+  lib ? pkgs.lib,
+}:
+let
+  makeTest = import ./make-test-python.nix;
+  mkTestName =
+    pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}";
+  redisPackages = {
+    inherit (pkgs) redis keydb;
   };
+  makeRedisTest =
+    {
+      package,
+      name ? mkTestName package,
+    }:
+    makeTest {
+      inherit name;
+      meta.maintainers = [
+        lib.maintainers.flokli
+        lib.teams.helsinki-systems.members
+      ];
+
+      nodes = {
+        machine =
+          { lib, ... }:
+
+          {
+            services = {
+              redis = {
+                inherit package;
+                servers."".enable = true;
+                servers."test".enable = true;
+              };
+            };
+
+            users.users = lib.listToAttrs (
+              map
+                (
+                  suffix:
+                  lib.nameValuePair "member${suffix}" {
+                    createHome = false;
+                    description = "A member of the redis${suffix} group";
+                    isNormalUser = true;
+                    extraGroups = [ "redis${suffix}" ];
+                  }
+                )
+                [
+                  ""
+                  "-test"
+                ]
+            );
+          };
+      };
 
-  testScript = { nodes, ... }: let
-    inherit (nodes.machine.config.services) redis;
-    in ''
-    start_all()
-    machine.wait_for_unit("redis")
-    machine.wait_for_unit("redis-test")
+      testScript =
+        { nodes, ... }:
+        let
+          inherit (nodes.machine.services) redis;
+        in
+        ''
+          start_all()
+          machine.wait_for_unit("redis")
+          machine.wait_for_unit("redis-test")
 
-    # The unnamed Redis server still opens a port for backward-compatibility
-    machine.wait_for_open_port(6379)
+          # The unnamed Redis server still opens a port for backward-compatibility
+          machine.wait_for_open_port(6379)
 
-    machine.wait_for_file("${redis.servers."".unixSocket}")
-    machine.wait_for_file("${redis.servers."test".unixSocket}")
+          machine.wait_for_file("${redis.servers."".unixSocket}")
+          machine.wait_for_file("${redis.servers."test".unixSocket}")
 
-    # The unix socket is accessible to the redis group
-    machine.succeed('su member -c "redis-cli ping | grep PONG"')
-    machine.succeed('su member-test -c "redis-cli ping | grep PONG"')
+          # The unix socket is accessible to the redis group
+          machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"')
+          machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"')
 
-    machine.succeed("redis-cli ping | grep PONG")
-    machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
-    machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG")
-  '';
-})
+          machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG")
+          machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
+          machine.succeed("${pkgs.redis}/bin/redis-cli -s ${
+            redis.servers."test".unixSocket
+          } ping | grep PONG")
+        '';
+    };
+in
+lib.mapAttrs (_: package: makeRedisTest { inherit package; }) redisPackages