forked from zaclys/searxng
		
	 fe8b88c8a4
			
		
	
	
		fe8b88c8a4
		
	
	
	
	
		
			
			A script to build & install a simple & isolated redis service, dedicated to
SearXNG and connected via Unix socket.
    $ ./manage redis.help
    redis.:
      devpkg    : install essential packages to compile redis
      build     : build redis binaries at /800GBPCIex4/share/SearXNG/dist/redis/6.2.6/amd64
      install   : create user (searxng-redis) and install systemd service (searxng-redis)
      remove    : delete user (searxng-redis) and remove service (searxng-redis)
      shell     : start bash interpreter from user searxng-redis
      src       : clone redis source code to <path> and checkput 6.2.6
      useradd   : create user (searxng-redis) at /usr/local/searxng-redis
      userdel   : delete user (searxng-redis)
      addgrp    : add <user> to group (searxng-redis)
      rmgrp     : remove <user> from group (searxng-redis)
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
		
	
			
		
			
				
	
	
		
			42 lines
		
	
	
	
		
			760 B
		
	
	
	
		
			Desktop File
		
	
	
	
	
	
			
		
		
	
	
			42 lines
		
	
	
	
		
			760 B
		
	
	
	
		
			Desktop File
		
	
	
	
	
	
| [Unit]
 | |
| 
 | |
| Description=SearXNG redis service
 | |
| After=syslog.target
 | |
| After=network.target
 | |
| Documentation=https://redis.io/documentation
 | |
| 
 | |
| [Service]
 | |
| 
 | |
| Type=simple
 | |
| User=${REDIS_USER}
 | |
| Group=${REDIS_USER}
 | |
| WorkingDirectory=${REDIS_HOME}
 | |
| Restart=always
 | |
| TimeoutStopSec=0
 | |
| 
 | |
| Environment=USER=${REDIS_USER} HOME=${REDIS_HOME}
 | |
| ExecStart=${REDIS_HOME_BIN}/redis-server ${REDIS_CONF}
 | |
| ExecPaths=${REDIS_HOME_BIN}
 | |
| 
 | |
| LimitNOFILE=65535
 | |
| NoNewPrivileges=true
 | |
| PrivateDevices=yes
 | |
| 
 | |
| # ProtectSystem=full
 | |
| ProtectHome=yes
 | |
| ReadOnlyDirectories=/
 | |
| ReadWritePaths=-${REDIS_HOME}/run
 | |
| 
 | |
| UMask=007
 | |
| PrivateTmp=yes
 | |
| 
 | |
| MemoryDenyWriteExecute=true
 | |
| ProtectKernelModules=true
 | |
| ProtectKernelTunables=true
 | |
| ProtectControlGroups=true
 | |
| RestrictRealtime=true
 | |
| RestrictNamespaces=true
 | |
| 
 | |
| [Install]
 | |
| 
 | |
| WantedBy=multi-user.target
 |