43 lines
760 B
SYSTEMD
Raw Normal View History

[mod] script to build & install a redis instance A script to build & install a simple & isolated redis service, dedicated to SearXNG and connected via Unix socket. $ ./manage redis.help redis.: devpkg : install essential packages to compile redis build : build redis binaries at /800GBPCIex4/share/SearXNG/dist/redis/6.2.6/amd64 install : create user (searxng-redis) and install systemd service (searxng-redis) remove : delete user (searxng-redis) and remove service (searxng-redis) shell : start bash interpreter from user searxng-redis src : clone redis source code to <path> and checkput 6.2.6 useradd : create user (searxng-redis) at /usr/local/searxng-redis userdel : delete user (searxng-redis) addgrp : add <user> to group (searxng-redis) rmgrp : remove <user> from group (searxng-redis) Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
2021-12-28 16:53:26 +01:00
[Unit]
Description=SearXNG redis service
After=syslog.target
After=network.target
Documentation=https://redis.io/documentation
[Service]
Type=simple
User=${REDIS_USER}
Group=${REDIS_USER}
WorkingDirectory=${REDIS_HOME}
Restart=always
TimeoutStopSec=0
Environment=USER=${REDIS_USER} HOME=${REDIS_HOME}
ExecStart=${REDIS_HOME_BIN}/redis-server ${REDIS_CONF}
ExecPaths=${REDIS_HOME_BIN}
LimitNOFILE=65535
NoNewPrivileges=true
PrivateDevices=yes
# ProtectSystem=full
ProtectHome=yes
ReadOnlyDirectories=/
ReadWritePaths=-${REDIS_HOME}/run
UMask=007
PrivateTmp=yes
MemoryDenyWriteExecute=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectControlGroups=true
RestrictRealtime=true
RestrictNamespaces=true
[Install]
WantedBy=multi-user.target
Reference in New Issue Copy Permalink