diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2021-12-28 16:53:26 +0100 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarit.de> | 2022-01-03 14:34:26 +0100 |
| commit | fe8b88c8a4385a3454604143bc7ed4162f713251 (patch) | |
| tree | 49c703ab2de3caa1804adc82e0c220e8121534af /utils/templates | |
| parent | a3332cd55055db7c568965571c08de73fb6b9adc (diff) | |
| download | searxng-fe8b88c8a4385a3454604143bc7ed4162f713251.tar.gz searxng-fe8b88c8a4385a3454604143bc7ed4162f713251.zip | |
[mod] script to build & install a redis instance
A script to build & install a simple & isolated redis service, dedicated to
SearXNG and connected via Unix socket.
$ ./manage redis.help
redis.:
devpkg : install essential packages to compile redis
build : build redis binaries at /800GBPCIex4/share/SearXNG/dist/redis/6.2.6/amd64
install : create user (searxng-redis) and install systemd service (searxng-redis)
remove : delete user (searxng-redis) and remove service (searxng-redis)
shell : start bash interpreter from user searxng-redis
src : clone redis source code to <path> and checkput 6.2.6
useradd : create user (searxng-redis) at /usr/local/searxng-redis
userdel : delete user (searxng-redis)
addgrp : add <user> to group (searxng-redis)
rmgrp : remove <user> from group (searxng-redis)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Diffstat (limited to 'utils/templates')
| -rw-r--r-- | utils/templates/lib/systemd/system/searxng-redis.service | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/utils/templates/lib/systemd/system/searxng-redis.service b/utils/templates/lib/systemd/system/searxng-redis.service new file mode 100644 index 000000000..d1d163f04 --- /dev/null +++ b/utils/templates/lib/systemd/system/searxng-redis.service @@ -0,0 +1,42 @@ +[Unit] + +Description=SearXNG redis service +After=syslog.target +After=network.target +Documentation=https://redis.io/documentation + +[Service] + +Type=simple +User=${REDIS_USER} +Group=${REDIS_USER} +WorkingDirectory=${REDIS_HOME} +Restart=always +TimeoutStopSec=0 + +Environment=USER=${REDIS_USER} HOME=${REDIS_HOME} +ExecStart=${REDIS_HOME_BIN}/redis-server ${REDIS_CONF} +ExecPaths=${REDIS_HOME_BIN} + +LimitNOFILE=65535 +NoNewPrivileges=true +PrivateDevices=yes + +# ProtectSystem=full +ProtectHome=yes +ReadOnlyDirectories=/ +ReadWritePaths=-${REDIS_HOME}/run + +UMask=007 +PrivateTmp=yes + +MemoryDenyWriteExecute=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectControlGroups=true +RestrictRealtime=true +RestrictNamespaces=true + +[Install] + +WantedBy=multi-user.target |