redis service: add firewall and VM overcommit options

- Add vm.over_commit setting for background saving
- Add openFirewall setting

Closes #10193

1 files changed, 24 insertions, 0 deletions

diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 6323d2c8ce4e..480e1184ffa3 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -68,6 +68,22 @@ in
         description = "The port for Redis to listen to.";
       };
 
+      vmOverCommit = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Set vm.overcommit_memory to 1 (Suggested for Background Saving: http://redis.io/topics/faq)
+        '';
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to open ports in the firewall for the server.
+        '';
+      };
+
       bind = mkOption {
         type = with types; nullOr str;
         default = null; # All interfaces
@@ -193,6 +209,14 @@ in
 
   config = mkIf config.services.redis.enable {
 
+    boot.kernel.sysctl = mkIf cfg.vmOverCommit {
+      "vm.overcommit_memory" = "1";
+    };
+
+    networking.firewall = mkIf cfg.openFirewall {
+      allowedTCPPorts = [ cfg.port ];
+    };
+
     users.extraUsers.redis =
       { name = cfg.user;
         uid = config.ids.uids.redis;