caveman: set a redis password
This commit is contained in:
parent
7543cba46b
commit
a1345f916e
|
@ -26,21 +26,29 @@
|
||||||
secrets = {
|
secrets = {
|
||||||
"restic/password".owner = "root";
|
"restic/password".owner = "root";
|
||||||
"restic/repositories/server8".owner = "root";
|
"restic/repositories/server8".owner = "root";
|
||||||
|
"redis/caveman/requirePass".mode = "0444";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
# Override default backup schedule to reduce I/O
|
redis.servers.caveman = {
|
||||||
redis.servers.caveman.save = [
|
# Listen on the public network
|
||||||
# Every 2h if at least 1 entry changed
|
bind = null;
|
||||||
[ 7200 1 ]
|
# Override default backup schedule to reduce I/O
|
||||||
# Every 30min if at least 10000 entries changed
|
save = [
|
||||||
[ 1800 10000 ]
|
# Every 2h if at least 1 entry changed
|
||||||
];
|
[ 7200 1 ]
|
||||||
|
# Every 30min if at least 10000 entries changed
|
||||||
|
[ 1800 10000 ]
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
caveman = {
|
caveman = {
|
||||||
# leave 4 GB for caveman services
|
redis = {
|
||||||
redis.maxmemory = (config.microvm.mem - 4) * 1024 * 1024;
|
# leave 4 GB for caveman services
|
||||||
|
maxmemory = (config.microvm.mem - 4) * 1024 * 1024;
|
||||||
|
passwordFile = config.sops.secrets."redis/caveman/requirePass".path;
|
||||||
|
};
|
||||||
|
|
||||||
hunter = {
|
hunter = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -2,6 +2,9 @@ restic:
|
||||||
password: ENC[AES256_GCM,data:f1kQylVfzI1v+W2P+IklKw==,iv:A72uGclgNYtDyTr8EQVgLZ4Ej1qVRWL6DvmmXExXXVI=,tag:kFhaxLWi89tWNoNtbE/FUQ==,type:str]
|
password: ENC[AES256_GCM,data:f1kQylVfzI1v+W2P+IklKw==,iv:A72uGclgNYtDyTr8EQVgLZ4Ej1qVRWL6DvmmXExXXVI=,tag:kFhaxLWi89tWNoNtbE/FUQ==,type:str]
|
||||||
repositories:
|
repositories:
|
||||||
server8: ENC[AES256_GCM,data:itNCMHwwyUdoGfNEtixByu+BmOU2Z7JhgzUoRENY1pcYHNlbWUbf6/c6Ui9+xNnnEmMldq599RJNYCxDaavQjtk/HwHGYvzqI5L7uVxFlK0d0GDo,iv:kV62vUokW/n1ixu5vVjYkzXUZERGVn0J/C9Y6tgLIfw=,tag:MKnSHZfRFm1mdkIAUZGqmw==,type:str]
|
server8: ENC[AES256_GCM,data:itNCMHwwyUdoGfNEtixByu+BmOU2Z7JhgzUoRENY1pcYHNlbWUbf6/c6Ui9+xNnnEmMldq599RJNYCxDaavQjtk/HwHGYvzqI5L7uVxFlK0d0GDo,iv:kV62vUokW/n1ixu5vVjYkzXUZERGVn0J/C9Y6tgLIfw=,tag:MKnSHZfRFm1mdkIAUZGqmw==,type:str]
|
||||||
|
redis:
|
||||||
|
caveman:
|
||||||
|
requirePass: ENC[AES256_GCM,data:08V/ZSarIx+lpGSx5Su0A4Jveejxi83+jj1+Wcqf+nY=,iv:lm412YmiV6rVn5LGx1O5/kCGO457yohieu+UgB5b230=,tag:4cQ7mIlxJh7rGMZqmGIPMQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -26,8 +29,8 @@ sops:
|
||||||
U1RTTGtmNEJLZVQ0dXU1d1VjNk1kbm8Kbn1V7apdbkDhu8xhedIrpZGRcMzyB2do
|
U1RTTGtmNEJLZVQ0dXU1d1VjNk1kbm8Kbn1V7apdbkDhu8xhedIrpZGRcMzyB2do
|
||||||
x3SHunmMJzqtB3KsVhgIo8TcQyRqGMn2BRFHMGtYUtgRvOT/tKibcQ==
|
x3SHunmMJzqtB3KsVhgIo8TcQyRqGMn2BRFHMGtYUtgRvOT/tKibcQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-08-08T22:44:39Z"
|
lastmodified: "2023-10-12T19:53:12Z"
|
||||||
mac: ENC[AES256_GCM,data:a3bnihJKmhmroeZbVFSWo2fMa4AINuGH3fsOObugmaM2Vbs1eqmrslV7h5rmRv0LmzQYlKoSSkKQ6Pn6ofhq/uwCf34PnpyOvRQP1BL1PH5s1EaIXDx3RhnaaAxFOwnvi3/zO0BZ1PgUUkLm4owXMbERmbvg1iXR6+QrJySfPJ8=,iv:BKYHqW9tErFaVPc3x4xmdqVUYexzgXnfCyg7IR92bAQ=,tag:T6c3EidOT1UWy5+XfNkY8g==,type:str]
|
mac: ENC[AES256_GCM,data:FyW0rehjvX7BNNh0mQ9kG1CEZJxgzIc4I+41F0hhfmNTwQr0PR7e+0nnL/SrgIlCm1IBshCYncYTOJHOz2cjlouGJg+w3NPrAegOwtP7HBERedcGdktFFxVPprnspKH1RmOGUk+JAcpnZVh5KraGc8uNCdMXPZ+hlEsEMde3JQk=,iv:rBnXl5jjwLIPp8F+Q6jIaxljuCxYIHc0cQqCVZB4EXw=,tag:EI247Fmnmp2jyqIk6Htsig==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-08-08T22:43:30Z"
|
- created_at: "2023-08-08T22:43:30Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
Loading…
Reference in New Issue