From 169ab0b89f124694e81639ff52c8bafc695d961d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Niklas=20Hamb=C3=BCchen?=
Date: Sun, 11 Oct 2020 03:15:19 +0200
Subject: [PATCH] redis service: Listen on localhost by default. Fixes #100192. All other database servers in NixOS also use this safe-by-default setting.
---
 nixos/doc/manual/release-notes/rl-2103.xml | 5 +++++
 nixos/modules/services/databases/redis.nix | 9 ++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/nixos/doc/manual/release-notes/rl-2103.xml b/nixos/doc/manual/release-notes/rl-2103.xml
index 7fd7ff5c2a96..dc61f095a5cf 100644
--- a/nixos/doc/manual/release-notes/rl-2103.xml
+++ b/nixos/doc/manual/release-notes/rl-2103.xml
@@ -159,6 +159,11 @@ to nextcloud20.
+
+
+ The setting defaults to 127.0.0.1 now, making Redis listen on the loopback interface only, and not all public network interfaces.
+
+
 NixOS now emits a deprecation warning if systemd's StartLimitInterval setting is used in a serviceConfig section instead of in a unitConfig; that setting is deprecated and now undocumented for the service section by systemd upstream, but still effective and somewhat buggy there, which can be confusing. See #45785 for details.
diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index f1777854e141..6b8853ae390b 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -87,9 +87,12 @@ in
 bind = mkOption {
 type = with types; nullOr str;
- default = null; # All interfaces
- description = "The IP interface to bind to.";
- example = "127.0.0.1";
+ default = "127.0.0.1";
+ description = ''
+ The IP interface to bind to.
+ null means "all interfaces".
+ '';
+ example = "192.0.2.1";
 };
 unixSocket = mkOption {
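Review bot: The new `bind` description says only that null means "all interfaces" and does not tell the reader what that exposes, which is the reason for this change in the first place. I would spell it out in the option text, for example `null means "all interfaces"; Redis is then reachable from every network the host is attached to, so set it only together with authentication and a firewall rule.` The default also covers the IPv4 loopback only, so a client that resolves `localhost` to `::1` would presumably fail to connect; that deserves one sentence in the description as well. How `bind` is rendered into the Redis configuration, and which authentication or firewall options the module offers, lies outside this hunk.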