redis: instance service for Debian 11
This commit is contained in:
parent
c5ab0c0ff9
commit
e8a8e85819
|
@ -13,8 +13,13 @@ The **patch** part changes incrementally at each release.
|
||||||
### Added
|
### Added
|
||||||
|
|
||||||
* Preliminary support for Debian 11 « Bullseye »
|
* Preliminary support for Debian 11 « Bullseye »
|
||||||
|
* apache: new variable for mpm mode (+ updated default config accordingly)
|
||||||
* certbot: add script for manual deploy hooks execution
|
* certbot: add script for manual deploy hooks execution
|
||||||
|
* evolinux-base: add default motd template
|
||||||
|
* kvm-host: add migrate-vm script
|
||||||
* listupgrade: crontab is configurable
|
* listupgrade: crontab is configurable
|
||||||
|
* mysql: variable to disable myadd script overwrite (default: True)
|
||||||
|
* redis: instance service for Debian 11
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
|
45
redis/templates/redis-server@bullseye.service.j2
Normal file
45
redis/templates/redis-server@bullseye.service.j2
Normal file
|
@ -0,0 +1,45 @@
|
||||||
|
[Unit]
|
||||||
|
Description=Advanced key-value store
|
||||||
|
After=network.target
|
||||||
|
Documentation=http://redis.io/documentation, man:redis-server(1)
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=notify
|
||||||
|
ExecStart=/usr/bin/redis-server {{ redis_conf_dir_prefix }}-%i/redis.conf --supervised systemd --daemonize no
|
||||||
|
PIDFile=/run/redis-%i/redis-server.pid
|
||||||
|
TimeoutStopSec=0
|
||||||
|
Restart=always
|
||||||
|
User=redis-%i
|
||||||
|
Group=redis-%i
|
||||||
|
RuntimeDirectory=redis-%i
|
||||||
|
RuntimeDirectoryMode=2755
|
||||||
|
|
||||||
|
UMask=007
|
||||||
|
PrivateTmp=yes
|
||||||
|
LimitNOFILE=65535
|
||||||
|
PrivateDevices=yes
|
||||||
|
ProtectHome={{ redis_data_dir_prefix is match('/home') | ternary('no', 'yes') }}
|
||||||
|
ReadOnlyDirectories=/
|
||||||
|
ReadWritePaths=-{{ redis_data_dir_prefix }}-%i
|
||||||
|
ReadWritePaths=-{{ redis_log_dir_prefix }}-%i
|
||||||
|
ReadWritePaths=-{{ redis_pid_dir_prefix }}-%i
|
||||||
|
ReadWritePaths=-{{ redis_socket_dir_prefix }}-%i
|
||||||
|
|
||||||
|
NoNewPrivileges=true
|
||||||
|
CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
|
||||||
|
MemoryDenyWriteExecute=true
|
||||||
|
ProtectKernelModules=true
|
||||||
|
ProtectKernelTunables=true
|
||||||
|
ProtectControlGroups=true
|
||||||
|
RestrictRealtime=true
|
||||||
|
RestrictNamespaces=true
|
||||||
|
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
|
||||||
|
|
||||||
|
# redis-server can write to its own config file when in cluster mode so we
|
||||||
|
# permit writing there by default. If you are not using this feature, it is
|
||||||
|
# recommended that you replace the following lines with "ProtectSystem=full".
|
||||||
|
ProtectSystem=true
|
||||||
|
ReadWriteDirectories=-{{ redis_conf_dir_prefix }}-%i
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
Loading…
Reference in a new issue