

  1. { config, lib, pkgs, ... }:
  2. with lib;
  3. let
  4. cfg = config.services.memcached;
  5. memcached = pkgs.memcached;
  6. in
  7. {
  8. ###### interface
  9. options = {
  10. services.memcached = {
  11. enable = mkOption {
  12. default = false;
  13. description = "
  14. Whether to enable Memcached.
  15. ";
  16. };
  17. user = mkOption {
  18. default = "memcached";
  19. description = "The user to run Memcached as";
  20. };
  21. listen = mkOption {
  22. default = "127.0.0.1";
  23. description = "The IP address to bind to";
  24. };
  25. port = mkOption {
  26. default = 11211;
  27. description = "The port to bind to";
  28. };
  29. enableUnixSocket = mkEnableOption "unix socket at /run/memcached/memcached.sock";
  30. maxMemory = mkOption {
  31. default = 64;
  32. description = "The maximum amount of memory to use for storage, in megabytes.";
  33. };
  34. maxConnections = mkOption {
  35. default = 1024;
  36. description = "The maximum number of simultaneous connections";
  37. };
  38. extraOptions = mkOption {
  39. default = [];
  40. description = "A list of extra options that will be added as a suffix when running memcached";
  41. };
  42. };
  43. };
  44. ###### implementation
  45. config = mkIf config.services.memcached.enable {
  46. users.users = optional (cfg.user == "memcached") {
  47. name = "memcached";
  48. description = "Memcached server user";
  49. isSystemUser = true;
  50. };
  51. environment.systemPackages = [ memcached ];
  52. systemd.services.memcached = {
  53. description = "Memcached server";
  54. wantedBy = [ "multi-user.target" ];
  55. after = [ "network.target" ];
  56. serviceConfig = {
  57. ExecStart =
  58. let
  59. networking = if cfg.enableUnixSocket
  60. then "-s /run/memcached/memcached.sock"
  61. else "-l ${cfg.listen} -p ${toString cfg.port}";
  62. in "${memcached}/bin/memcached ${networking} -m ${toString cfg.maxMemory} -c ${toString cfg.maxConnections} ${concatStringsSep " " cfg.extraOptions}";
  63. User = cfg.user;
  64. # Filesystem access
  65. ProtectSystem = "strict";
  66. ProtectHome = true;
  67. PrivateTmp = true;
  68. PrivateDevices = true;
  69. ProtectKernelTunables = true;
  70. ProtectKernelModules = true;
  71. ProtectControlGroups = true;
  72. RuntimeDirectory = "memcached";
  73. # Caps
  74. CapabilityBoundingSet = "";
  75. NoNewPrivileges = true;
  76. # Misc.
  77. LockPersonality = true;
  78. RestrictRealtime = true;
  79. PrivateMounts = true;
  80. MemoryDenyWriteExecute = true;
  81. };
  82. };
  83. };
  84. imports = [
  85. (mkRemovedOptionModule ["services" "memcached" "socket"] ''
  86. This option was replaced by a fixed unix socket path at /run/memcached/memcached.sock enabled using services.memcached.enableUnixSocket.
  87. '')
  88. ];
  89. }