diff options
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/databases/redis.nix | 5 | ||||
-rw-r--r-- | nixos/tests/redis.nix | 117 |
2 files changed, 83 insertions, 39 deletions
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix index 2e644895a260..fe2d75fc53a9 100644 --- a/nixos/modules/services/databases/redis.nix +++ b/nixos/modules/services/databases/redis.nix @@ -338,7 +338,7 @@ in { after = [ "network.target" ]; serviceConfig = { - ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; + ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}"; ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let redisConfVar = "/var/lib/${redisName name}/redis.conf"; redisConfRun = "/run/${redisName name}/nixos.conf"; @@ -391,7 +391,8 @@ in { RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ]; RestrictNamespaces = true; LockPersonality = true; - MemoryDenyWriteExecute = true; + # we need to disable MemoryDenyWriteExecute for keydb + MemoryDenyWriteExecute = cfg.package.pname != "keydb"; RestrictRealtime = true; RestrictSUIDSGID = true; PrivateMounts = true; diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix index 94b50d07be6d..6c84701c9c0a 100644 --- a/nixos/tests/redis.nix +++ b/nixos/tests/redis.nix @@ -1,44 +1,87 @@ -import ./make-test-python.nix ({ pkgs, lib, ... }: { - name = "redis"; - meta.maintainers = with lib.maintainers; [ flokli ]; - - nodes = { - machine = - { pkgs, lib, ... }: - - { - services.redis.servers."".enable = true; - services.redis.servers."test".enable = true; - - users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" { - createHome = false; - description = "A member of the redis${suffix} group"; - isNormalUser = true; - extraGroups = [ "redis${suffix}" ]; - }) ["" "-test"]); - }; + system ? builtins.currentSystem, + config ? { }, + pkgs ? import ../../.. { inherit system config; }, + + lib ? pkgs.lib, +}: +let + makeTest = import ./make-test-python.nix; + mkTestName = + pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}"; + redisPackages = { + inherit (pkgs) redis keydb; }; + makeRedisTest = + { + package, + name ? mkTestName package, + }: + makeTest { + inherit name; + meta.maintainers = [ + lib.maintainers.flokli + lib.teams.helsinki-systems.members + ]; + + nodes = { + machine = + { lib, ... }: + + { + services = { + redis = { + inherit package; + servers."".enable = true; + servers."test".enable = true; + }; + }; + + users.users = lib.listToAttrs ( + map + ( + suffix: + lib.nameValuePair "member${suffix}" { + createHome = false; + description = "A member of the redis${suffix} group"; + isNormalUser = true; + extraGroups = [ "redis${suffix}" ]; + } + ) + [ + "" + "-test" + ] + ); + }; + }; - testScript = { nodes, ... }: let - inherit (nodes.machine.config.services) redis; - in '' - start_all() - machine.wait_for_unit("redis") - machine.wait_for_unit("redis-test") + testScript = + { nodes, ... }: + let + inherit (nodes.machine.services) redis; + in + '' + start_all() + machine.wait_for_unit("redis") + machine.wait_for_unit("redis-test") - # The unnamed Redis server still opens a port for backward-compatibility - machine.wait_for_open_port(6379) + # The unnamed Redis server still opens a port for backward-compatibility + machine.wait_for_open_port(6379) - machine.wait_for_file("${redis.servers."".unixSocket}") - machine.wait_for_file("${redis.servers."test".unixSocket}") + machine.wait_for_file("${redis.servers."".unixSocket}") + machine.wait_for_file("${redis.servers."test".unixSocket}") - # The unix socket is accessible to the redis group - machine.succeed('su member -c "redis-cli ping | grep PONG"') - machine.succeed('su member-test -c "redis-cli ping | grep PONG"') + # The unix socket is accessible to the redis group + machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') + machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"') - machine.succeed("redis-cli ping | grep PONG") - machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") - machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG") - ''; -}) + machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG") + machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG") + machine.succeed("${pkgs.redis}/bin/redis-cli -s ${ + redis.servers."test".unixSocket + } ping | grep PONG") + ''; + }; +in +lib.mapAttrs (_: package: makeRedisTest { inherit package; }) redisPackages |