Redis

This role installs the Redis in-memory data structure store in the latest version provided by NixOS which is 7.2.x at the moment.

Note

Version 7.2.x will be the last release of the Redis software from Redis Inc. supported in our platform. As the upcoming releases of Redis 7.3 and newer won’t be Open Source software anymore, we intend to shift to one of the Redis-compatible forks which remain Open Source software.
The choice has not been made yet, we are evaluating the options Valkey, Redict, and KeyDB.

Components

  • Redis

Configuration

Out of the box, Redis is set up with a couple of common default parameters and listens on the IP-addresses of the loopback (localhost) and ethsrv-interfaces of your VM on port 6379 (See networking for details on this topic).

In previous versions, custom redis configuration could be set via /etc/local/redis/custom.conf which is not supported anymore.

If you need to change the behaviour of Redis, you define your redis configuration with the NixOS option services.redis.servers."".settings. NixOS supports multiple instances of Redis on a single host, so this option sets configuration for the default instance with an empty instance name. See the NixOS manual for further information.

Regarding setting the redis password, see the section on redis passwords.

The following NixOS module adds some modules to be loaded by Redis:

# /etc/local/nixos/redis.nix
{ ... }:
{
    services.redis.servers."".settings = {
        loadmodule = [ "/path/to/my_module.so" "/path/to/other_module.so" ];
    };
}

See Custom NixOS-native configuration for general information about writing custom NixOS modules in /etc/local/nixos.

There are also some options under flyingcircus.services.redis, namely maxmemory, maxmemory-policy, password and listenAddresses.

The following NixOS module sets the listening addresses to 203.0.113.54 and 203.0.113.57 as well as overriding the password to foobarpass. The maximum memory size is set to 512mb. The exact behavior Redis follows when the maxmemory limit is reached is configured using the maxmemory-policy configuration directive and is set to noeviction in this example. Read more at redis topic lru cache <https://redis.io/topics/lru-cache>.

# /etc/local/nixos/redis.nix
{ ... }:
{
    flyingcircus.services.redis = {
        listenAddresses = [ "203.0.113.54", "203.0.113.57 "];
        password = "foobarpass"; # Makes the password world readable, see paragraphs below for information
        maxmemory = "512mb";
        maxmemory-policy = "noeviction";
    };
}

As an alternative to setting the maxmemory by hand you can set a memoryPercentage option. This will set the memory limit to a percentage of the total memory of the system.

# /etc/local/nixos/redis.nix
{ ... }:
{
    flyingcircus.services.redis = {
        memoryPercentage = "50";
    };
}

For further information on how to activate changes on our NixOS-environment, please consult Local Configuration.

Password

The authentication password is automatically generated upon installation and can be read and changed by service users. It can be found in /etc/local/redis/password.

It can also be specified in the flyingcircus.services.redis.password option where the password will have a higher priority than the one in the filesystem. Setting the password option makes the password world-readable to processes on the VM since it will be stored in the nix store.

Overriding the password to foobarpass looks like this:

# /etc/local/nixos/redis.nix
{ ... }:
{
    flyingcircus.services.redis = {
        password = "foobarpass"; # Makes the password world readable
    };
}

Interaction

Service users may invoke sudo fc-manage --build to apply service configuration changes and trigger service restarts (if necessary).

Monitoring

The default monitoring setup checks that the Redis server is running and is responding to PING.

Additional servers

By default, a single instance of Redis is started when enabling the role.

It’s possible to set up more Redis servers like this:

{
  services.redis.servers = {
    foo = {
      enable = true;
      port = 6380;
    };
    bar = {
      enable = true;
      port = 6381;
    };
  };
}

Additionally, this has the following impact on a system:

  • For each of these instances, another Sensu check doing a PING is added and metrics will be scraped using Telegraf.

    If a server is configured with no TCP socket and a UNIX socket that cannot be written to & read from its owning group, this won’t be configured and a warning will be printed by the agent.

  • By default, Redis gets to use 80% of the RAM available on a machine. With >1 machine being enabled, each machine will get floor(80 / N) percent of the machine’s RAM with N being the amount of enabled Redis servers.

    This can be changed by setting the option services.redis.servers.<name>.settings.maxmemory to a different value. Please keep in mind that this only takes absolute values.