author | Soham Sen <contact@sohamsen.me> | 2022-06-05 22:11:31 +0530 |
---|---|---|
committer | Soham Sen <contact@sohamsen.me> | 2022-06-06 04:05:48 +0530 |
commit | 109e13db243249e26b8b8d861424578400aae882 (patch) | |
tree | 900f9167aa2feb60df4c634fadfb908e81258c77 /nixos | |
parent | b03fed4229b7c41315d99292d50cdd3ee986a4a5 (diff) |
dragonflydb: init at 0.1.0
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2211.section.xml | 7 | ||||
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2211.section.md | 2 | ||||
-rw-r--r-- | nixos/modules/module-list.nix | 1 | ||||
-rw-r--r-- | nixos/modules/services/databases/dragonflydb.nix | 152 |
4 files changed, 162 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml index 4a7ef8b71686e..b350e1fe17d69 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2211.section.xml @@ -50,6 +50,13 @@ </listitem> <listitem> <para> + <link xlink:href="https://dragonflydb.io/">dragonflydb</link>, + a modern replacement for Redis and Memcached. Available as + <link linkend="opt-services.dragonflydb.enable">services.dragonflydb</link>. + </para> + </listitem> + <listitem> + <para> <link xlink:href="https://github.com/leetronics/infnoise">infnoise</link>, a hardware True Random Number Generator dongle. Available as <link xlink:href="options.html#opt-services.infnoise.enable">services.infnoise</link>. diff --git a/nixos/doc/manual/release-notes/rl-2211.section.md b/nixos/doc/manual/release-notes/rl-2211.section.md index 89a799cafc507..702efcb2dc09f 100644 --- a/nixos/doc/manual/release-notes/rl-2211.section.md +++ b/nixos/doc/manual/release-notes/rl-2211.section.md @@ -25,6 +25,8 @@ In addition to numerous new and upgraded packages, this release has the followin - [appvm](https://github.com/jollheef/appvm), Nix based app VMs. Available as [virtualisation.appvm](options.html#opt-virtualisation.appvm.enable). +- [dragonflydb](https://dragonflydb.io/), a modern replacement for Redis and Memcached. Available as [services.dragonflydb](#opt-services.dragonflydb.enable). + - [infnoise](https://github.com/leetronics/infnoise), a hardware True Random Number Generator dongle. Available as [services.infnoise](options.html#opt-services.infnoise.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index d59d7bfe40d9f..7b1054262f590 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix 
@@ -348,6 +348,7 @@
 ./services/databases/clickhouse.nix
 ./services/databases/cockroachdb.nix
 ./services/databases/couchdb.nix
+ ./services/databases/dragonflydb.nix
 ./services/databases/firebird.nix
 ./services/databases/foundationdb.nix
 ./services/databases/hbase.nix
diff --git a/nixos/modules/services/databases/dragonflydb.nix b/nixos/modules/services/databases/dragonflydb.nix
new file mode 100644
index 0000000000000..e72afa9d90890
--- /dev/null
+++ b/nixos/modules/services/databases/dragonflydb.nix
@@ -0,0 +1,152 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.dragonflydb;
+ dragonflydb = pkgs.dragonflydb;
+
+ settings =
+ {
+ port = cfg.port;
+ dir = "/var/lib/dragonflydb";
+ keys_output_limit = cfg.keysOutputLimit;
+ } //
+ (lib.optionalAttrs (cfg.bind != null) { bind = cfg.bind; }) //
+ (lib.optionalAttrs (cfg.requirePass != null) { requirepass = cfg.requirePass; }) //
+ (lib.optionalAttrs (cfg.maxMemory != null) { maxmemory = cfg.maxMemory; }) //
+ (lib.optionalAttrs (cfg.memcachePort != null) { memcache_port = cfg.memcachePort; }) //
+ (lib.optionalAttrs (cfg.dbNum != null) { dbnum = cfg.dbNum; }) //
+ (lib.optionalAttrs (cfg.cacheMode != null) { cache_mode = cfg.cacheMode; });
+in
+{
+
+ ###### interface
+
+ options = {
+ services.dragonflydb = {
+ enable = mkEnableOption "DragonflyDB";
+
+ user = mkOption {
+ type = types.str;
+ default = "dragonfly";
+ description = "The user to run DragonflyDB as";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 6379;
+ description = "The TCP port to accept connections.";
+ };
+
+ bind = mkOption {
+ type = with types; nullOr str;
+ default = "127.0.0.1";
+ description = ''
+ The IP interface to bind to.
+ <literal>null</literal> means "all interfaces".
+ '';
+ };
+
+ requirePass = mkOption {
+ type = with types; nullOr str;
+ default = null;
+ description = "Password for database";
+ example = "letmein!";
+ };
+
+ maxMemory = mkOption {
+ type = with types; nullOr ints.unsigned;
+ default = null;
+ description = ''
+ The maximum amount of memory to use for storage (in bytes).
+ <literal>null</literal> means this will be automatically set.
+ '';
+ };
+
+ memcachePort = mkOption {
+ type = with types; nullOr port;
+ default = null;
+ description = ''
+ To enable memcached compatible API on this port.
+ <literal>null</literal> means disabled.
+ '';
+ };
+
+ keysOutputLimit = mkOption {
+ type = types.ints.unsigned;
+ default = 8192;
+ description = ''
+ Maximum number of returned keys in keys command.
+ <literal>keys</literal> is a dangerous command.
+ We truncate its result to avoid blowup in memory when fetching too many keys.
+ '';
+ };
+
+ dbNum = mkOption {
+ type = with types; nullOr ints.unsigned;
+ default = null;
+ description = "Maximum number of supported databases for <literal>select</literal>";
+ };
+
+ cacheMode = mkOption {
+ type = with types; nullOr bool;
+ default = null;
+ description = ''
+ Once this mode is on, Dragonfly will evict items least likely to be stumbled
+ upon in the future but only when it is near maxmemory limit.
+ '';
+ };
+ };
+ };
+
+ ###### implementation
+
+ config = mkIf config.services.dragonflydb.enable {
+
+ users.users = optionalAttrs (cfg.user == "dragonfly") {
+ dragonfly.description = "DragonflyDB server user";
+ dragonfly.isSystemUser = true;
+ dragonfly.group = "dragonfly";
+ };
+ users.groups = optionalAttrs (cfg.user == "dragonfly") { dragonfly = { }; };
+
+ environment.systemPackages = [ dragonflydb ];
+
+ systemd.services.dragonflydb = {
+ description = "DragonflyDB server";
+
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${dragonflydb}/bin/dragonfly --alsologtostderr ${builtins.concatStringsSep " " (attrsets.mapAttrsToList (n: v: "--${n} ${strings.escapeShellArg v}") settings)}";
+
+ User = cfg.user;
+
+ # Filesystem access
+ ReadWritePaths = [ settings.dir ];
+ StateDirectory = "dragonflydb";
+ StateDirectoryMode = "0700";
+ # Process Properties
+ LimitMEMLOCK = "infinity";
+ # Caps
+ CapabilityBoundingSet = "";
+ NoNewPrivileges = true;
+ # Sandboxing
+ ProtectSystem = "strict";
+ ProtectHome = true;
+ PrivateTmp = true;
+ PrivateDevices = true;
+ ProtectKernelTunables = true;
+ ProtectKernelModules = true;
+ ProtectControlGroups = true;
+ LockPersonality = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ RestrictRealtime = true;
+ PrivateMounts = true;
+ MemoryDenyWriteExecute = true;
+ };
+ };
+ };
+} |
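Review bot: `requirePass` is a plain string option that is merged into `settings` and rendered into `ExecStart`, so the database password ends up in the generated unit in the world-readable Nix store and on the dragonfly command line, where other local users can read it. At minimum the option text should say so, e.g. `description = "Password for database. Warning: stored world-readable in the Nix store and visible in the process arguments.";`. A file-based alternative (a `requirePassFile` option of type `nullOr path`, read when the service starts, as the redis module offers) would keep the secret out of both places; how the packaged dragonfly can take the password other than via `--requirepass` needs checking.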