NixOS · Aleksanaa · Apr 12, 2024 · Apr 5, 2024
diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix
@@ -441,6 +441,7 @@ with lib.maintainers; {
     # Verify additions to this team with at least one already existing member of the team.
     members = [
       das_j
+      conni2461
     ];
     scope = "Group registration for packages maintained by Helsinki Systems";
     shortName = "Helsinki Systems employees";

diff --git a/nixos/modules/services/databases/redis.nix b/nixos/modules/services/databases/redis.nix
@@ -338,7 +338,7 @@ in {
       after = [ "network.target" ];
 
       serviceConfig = {
-        ExecStart = "${cfg.package}/bin/redis-server /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
+        ExecStart = "${cfg.package}/bin/${cfg.package.serverBin or "redis-server"} /var/lib/${redisName name}/redis.conf ${escapeShellArgs conf.extraParams}";
         ExecStartPre = "+"+pkgs.writeShellScript "${redisName name}-prep-conf" (let
           redisConfVar = "/var/lib/${redisName name}/redis.conf";
           redisConfRun = "/run/${redisName name}/nixos.conf";
@@ -391,7 +391,8 @@ in {
         RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
         RestrictNamespaces = true;
         LockPersonality = true;
-        MemoryDenyWriteExecute = true;
+        # we need to disable MemoryDenyWriteExecute for keydb
+        MemoryDenyWriteExecute = cfg.package.pname != "keydb";
         RestrictRealtime = true;
         RestrictSUIDSGID = true;
         PrivateMounts = true;

diff --git a/nixos/tests/redis.nix b/nixos/tests/redis.nix
@@ -1,44 +1,87 @@
-import ./make-test-python.nix ({ pkgs, lib, ... }:
 {
-  name = "redis";
-  meta.maintainers = with lib.maintainers; [ flokli ];
-
-  nodes = {
-    machine =
-      { pkgs, lib, ... }:
-
-      {
-        services.redis.servers."".enable = true;
-        services.redis.servers."test".enable = true;
-
-        users.users = lib.listToAttrs (map (suffix: lib.nameValuePair "member${suffix}" {
-          createHome = false;
-          description = "A member of the redis${suffix} group";
-          isNormalUser = true;
-          extraGroups = [ "redis${suffix}" ];
-        }) ["" "-test"]);
-      };
+  system ? builtins.currentSystem,
+  config ? { },
+  pkgs ? import ../../.. { inherit system config; },
+
+  lib ? pkgs.lib,
+}:
+let
+  makeTest = import ./make-test-python.nix;
+  mkTestName =
+    pkg: "${pkg.pname}_${builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor pkg.version)}";
+  redisPackages = {
+    inherit (pkgs) redis keydb;
   };
+  makeRedisTest =
+    {
+      package,
+      name ? mkTestName package,
+    }:
+    makeTest {
+      inherit name;
+      meta.maintainers = [
+        lib.maintainers.flokli
+        lib.teams.helsinki-systems.members
+      ];
+
+      nodes = {
+        machine =
+          { lib, ... }:
+
+          {
+            services = {
+              redis = {
+                inherit package;
+                servers."".enable = true;
+                servers."test".enable = true;
+              };
+            };
+
+            users.users = lib.listToAttrs (
+              map
+                (
+                  suffix:
+                  lib.nameValuePair "member${suffix}" {
+                    createHome = false;
+                    description = "A member of the redis${suffix} group";
+                    isNormalUser = true;
+                    extraGroups = [ "redis${suffix}" ];
+                  }
+                )
+                [
+                  ""
+                  "-test"
+                ]
+            );
+          };
+      };
 
-  testScript = { nodes, ... }: let
-    inherit (nodes.machine.config.services) redis;
-    in ''
-    start_all()
-    machine.wait_for_unit("redis")
-    machine.wait_for_unit("redis-test")
+      testScript =
+        { nodes, ... }:
+        let
+          inherit (nodes.machine.services) redis;
+        in
+        ''
+          start_all()
+          machine.wait_for_unit("redis")
+          machine.wait_for_unit("redis-test")
 
-    # The unnamed Redis server still opens a port for backward-compatibility
-    machine.wait_for_open_port(6379)
+          # The unnamed Redis server still opens a port for backward-compatibility
+          machine.wait_for_open_port(6379)
 
-    machine.wait_for_file("${redis.servers."".unixSocket}")
-    machine.wait_for_file("${redis.servers."test".unixSocket}")
+          machine.wait_for_file("${redis.servers."".unixSocket}")
+          machine.wait_for_file("${redis.servers."test".unixSocket}")
 
-    # The unix socket is accessible to the redis group
-    machine.succeed('su member -c "redis-cli ping | grep PONG"')
-    machine.succeed('su member-test -c "redis-cli ping | grep PONG"')
+          # The unix socket is accessible to the redis group
+          machine.succeed('su member -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"')
+          machine.succeed('su member-test -c "${pkgs.redis}/bin/redis-cli ping | grep PONG"')
 
-    machine.succeed("redis-cli ping | grep PONG")
-    machine.succeed("redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
-    machine.succeed("redis-cli -s ${redis.servers."test".unixSocket} ping | grep PONG")
-  '';
-})
+          machine.succeed("${pkgs.redis}/bin/redis-cli ping | grep PONG")
+          machine.succeed("${pkgs.redis}/bin/redis-cli -s ${redis.servers."".unixSocket} ping | grep PONG")
+          machine.succeed("${pkgs.redis}/bin/redis-cli -s ${
+            redis.servers."test".unixSocket
+          } ping | grep PONG")
+        '';
+    };
+in
+lib.mapAttrs (_: package: makeRedisTest { inherit package; }) redisPackages
diff --git a/pkgs/by-name/ke/keydb/package.nix b/pkgs/by-name/ke/keydb/package.nix
@@ -0,0 +1,106 @@
+{
+  stdenv,
+  lib,
+  fetchFromGitHub,
+  libuuid,
+  curl,
+  pkg-config,
+  withSystemd ? lib.meta.availableOn stdenv.hostPlatform systemd,
+  systemd,
+  tlsSupport ? !stdenv.hostPlatform.isStatic,
+  openssl,
+  jemalloc,
+  which,
+  tcl,
+  tcltls,
+  ps,
+  getconf,
+  nixosTests,
+}:
+
+stdenv.mkDerivation rec {
+  pname = "keydb";
+  version = "6.3.4";
+
+  src = fetchFromGitHub {
+    owner = "snapchat";
+    repo = "keydb";
+    rev = "v${version}";
+    hash = "sha256-j6qgK6P3Fv+b6k9jwKQ5zW7XLkKbXXcmHKBCQYvwEIU=";
+  };
+
+  postPatch = ''
+    substituteInPlace deps/lua/src/Makefile \
+      --replace-fail "ar rcu" "${stdenv.cc.targetPrefix}ar rcu"
+    substituteInPlace src/Makefile \
+      --replace-fail "as --64 -g" "${stdenv.cc.targetPrefix}as --64 -g"
+  '';
+
+  nativeBuildInputs = [ pkg-config ];
+  buildInputs = [
+    jemalloc
+    curl
+    libuuid
+  ] ++ lib.optionals tlsSupport [ openssl ] ++ lib.optionals withSystemd [ systemd ];
+
+  makeFlags =
+    [
+      "PREFIX=${placeholder "out"}"
+      "AR=${stdenv.cc.targetPrefix}ar"
+      "RANLIB=${stdenv.cc.targetPrefix}ranlib"
+      "USEASM=${if stdenv.isx86_64 then "true" else "false"}"
+    ]
+    ++ lib.optionals (!tlsSupport) [ "BUILD_TLS=no" ]
+    ++ lib.optionals withSystemd [ "USE_SYSTEMD=yes" ]
+    ++ lib.optionals (!stdenv.isx86_64) [ "MALLOC=libc" ];
+
+  enableParallelBuilding = true;
+
+  hardeningEnable = lib.optionals (!stdenv.isDarwin) [ "pie" ];
+
+  # darwin currently lacks a pure `pgrep` which is extensively used here
+  doCheck = !stdenv.isDarwin;
+  nativeCheckInputs = [
+    which
+    tcl
+    ps
+  ] ++ lib.optionals stdenv.hostPlatform.isStatic [ getconf ] ++ lib.optionals tlsSupport [ tcltls ];
+  checkPhase = ''
+    runHook preCheck
+
+    # disable test "Connect multiple replicas at the same time": even
+    # upstream find this test too timing-sensitive
+    substituteInPlace tests/integration/replication.tcl \
+      --replace-fail 'foreach mdl {no yes}' 'foreach mdl {}'
+
+    substituteInPlace tests/support/server.tcl \
+      --replace-fail 'exec /usr/bin/env' 'exec env'
+
+    sed -i '/^proc wait_load_handlers_disconnected/{n ; s/wait_for_condition 50 100/wait_for_condition 50 500/; }' \
+      tests/support/util.tcl
+
+    patchShebangs ./utils/gen-test-certs.sh
+    ${if tlsSupport then "./utils/gen-test-certs.sh" else ""}
+
+    ./runtest \
+      --no-latency \
+      --timeout 2000 \
+      --clients $NIX_BUILD_CORES \
+      --tags -leaks ${if tlsSupport then "--tls" else ""}
+
+    runHook postCheck
+  '';
+
+  passthru.tests.redis = nixosTests.redis;
+  passthru.serverBin = "keydb-server";
+
+  meta = with lib; {
+    homepage = "https://keydb.dev";
+    description = "A Multithreaded Fork of Redis";
+    license = licenses.bsd3;
+    platforms = platforms.all;
+    changelog = "https://github.com/Snapchat/KeyDB/raw/v${version}/00-RELEASENOTES";
+    maintainers = teams.helsinki-systems.members;
+    mainProgram = "keydb-cli";
+  };
+}
diff --git a/pkgs/servers/nosql/redis/default.nix b/pkgs/servers/nosql/redis/default.nix
@@ -85,6 +85,7 @@ stdenv.mkDerivation (finalAttrs: {
   '';
 
   passthru.tests.redis = nixosTests.redis;
+  passthru.serverBin = "redis-server";
 
   meta = with lib; {
     homepage = "https://redis.io";