Merge pull request #108844 from dadada/dadada/redis-unix-socket

nixos/redis: add test for unix socket access
This commit is contained in:
Florian Klink 2021-01-10 22:08:02 +01:00 committed by GitHub
commit 07f8292f88
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -1,4 +1,8 @@
import ./make-test-python.nix ({ pkgs, ...} : {
import ./make-test-python.nix ({ pkgs, ... }:
let
redisSocket = "/run/redis/redis.sock";
in
{
name = "redis";
meta = with pkgs.stdenv.lib.maintainers; {
maintainers = [ flokli ];
@ -10,7 +14,20 @@ import ./make-test-python.nix ({ pkgs, ...} : {
{
services.redis.enable = true;
services.redis.unixSocket = "/run/redis/redis.sock";
services.redis.unixSocket = redisSocket;
# Allow access to the unix socket for the "redis" group.
services.redis.settings.unixsocketperm = "770";
users.users."member" = {
createHome = false;
description = "A member of the redis group";
extraGroups = [
"redis"
];
group = "users";
shell = "/bin/sh";
};
};
};
@ -18,7 +35,11 @@ import ./make-test-python.nix ({ pkgs, ...} : {
start_all()
machine.wait_for_unit("redis")
machine.wait_for_open_port("6379")
# The unix socket is accessible to the redis group
machine.succeed('su member -c "redis-cli ping | grep PONG"')
machine.succeed("redis-cli ping | grep PONG")
machine.succeed("redis-cli -s /run/redis/redis.sock ping | grep PONG")
machine.succeed("redis-cli -s ${redisSocket} ping | grep PONG")
'';
})