From cb31bd47554842da3a8dfda2f74981eebf2ad914 Mon Sep 17 00:00:00 2001
From: Brendan Taylor
Date: Sun, 29 Sep 2024 09:33:03 -0600
Subject: [PATCH] nixos/redis: add option services.redis.servers.*.group

previously if you set the "user" option and did not create a group account with the same name the module would create a service that would fail to start.

with this change:
- the module is more explicit about this behaviour
- you can configure the group directly, so that you're not forced to a particular user/group structure
- you can read the group name used by the redis service. this is useful for giving other services permission to use the redis socket.
---
 nixos/modules/services/databases/redis.nix | 27 ++++++++++++++++++++++++---
 1 file changed, 24 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
index 7a3f408aa98e..43829b13c6c0 100644
--- a/nixos/modules/services/databases/redis.nix
+++ b/nixos/modules/services/databases/redis.nix
@@ -72,7 +72,28 @@ in {
 defaultText = literalExpression ''
 if name == "" then "redis" else "redis-''${name}"
 '';
- description = "The username and groupname for redis-server.";
+ description = ''
+ User account under which this instance of redis-server runs.
+
+ ::: {.note}
+ If left as the default value this user will automatically be
+ created on system activation, otherwise you are responsible for
+ ensuring the user exists before the redis service starts.
+ '';
+ };
+
+ group = mkOption {
+ type = types.str;
+ default = config.user;
+ defaultText = literalExpression "config.user";
+ description = ''
+ Group account under which this instance of redis-server runs.
+
+ ::: {.note}
+ If left as the default value this group will automatically be
+ created on system activation, otherwise you are responsible for
+ ensuring the group exists before the redis service starts.
+ '';
 };

 port = mkOption {
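Review bot: The note on the new `group` option reads as if leaving `group` untouched always gets the group created, but its default is `config.user`, so with a custom `user` the default group is that custom name. The account-creation code is outside this diff and unchanged, so presumably only the instance's default name is created and the unit would still fail to start in that case. I would word it as `If both this option and user are left at their defaults the group is created on system activation; otherwise you must ensure the group exists before the redis service starts.` Both new descriptions also open a `::: {.note}` block that is never closed; add a closing `:::` line before each `'';`.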
@@ -337,7 +358,7 @@ in {
 redisConfStore = redisConfig conf.settings;
 in ''
 touch "${redisConfVar}" "${redisConfRun}"
- chown '${conf.user}' "${redisConfVar}" "${redisConfRun}"
+ chown '${conf.user}':'${conf.group}' "${redisConfVar}" "${redisConfRun}"
 chmod 0600 "${redisConfVar}" "${redisConfRun}"
 if [ ! -s ${redisConfVar} ]; then
 echo 'include "${redisConfRun}"' > "${redisConfVar}"
@@ -353,7 +374,7 @@ in {
 Type = "notify";
 # User and group
 User = conf.user;
- Group = conf.user;
+ Group = conf.group;
 # Runtime directory and mode
 RuntimeDirectory = redisName name;
 RuntimeDirectoryMode = "0750";
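Review bot: The `chown` line in the first hunk here splices `conf.user` and now `conf.group` into the generated script between literal single quotes, so a value containing a single quote would end the quoting early and change how the shell parses the command; `group` is declared as a plain `types.str` and nothing visible restricts its characters. The values come from the system configuration rather than from a remote party, so this is a robustness point, but a malformed pre-start script is awkward to diagnose. Quoting through the library helper is safer: `chown ${lib.escapeShellArg "${conf.user}:${conf.group}"} "${redisConfVar}" "${redisConfRun}"` (assuming `lib` is in scope in this module). The script's `let` bindings and the rest of its body lie outside the hunk.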
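Review bot: `Group = conf.group` turns the choice of group into an access decision that nothing here documents: with `RuntimeDirectoryMode = "0750"` two lines below, every member of the configured group can enter the instance's runtime directory, which appears to be how other services are meant to reach the socket. A comment above the line would help, e.g. `# Members of conf.group can traverse the runtime directory (mode 0750 below).` The `group` option description could also say that pointing it at a broadly shared group widens who can reach this instance; how much they can do then depends on the socket's own permissions and any authentication, neither of which is visible in this diff. The enclosing attribute set begins and ends outside the hunk.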