nixos-infra/services/redis/service.nix

{
  config,
  lib,
  sec,
  ...
}:
let
  inherit (config.machine.redis)
    port
    enable
    ;
in
with lib;
mkIf enable {
  sops.secrets = {
    "redis/password" = { };
  };

  networking.firewall = {
    allowedTCPPorts = [ port ];
  };

  services.redis.servers."default" = {
    inherit enable;
    inherit port;
    bind = null;
    requirePassFile = sec."redis/password".path;
  };
}