add configs and docs

README.md

@@ -0,0 +1,16 @@
+# redis
+
+Installs redis and configures instances.
+
+
+## Configuration
+
+For each instance, you can set:
+
+* `name`: name of the instance. Gets used to name the config file, the socket and more.
+* `bind`: bind addresses. Defaults to `127.0.0.1 ::1`. TCP listening is disabled when `socket_perm` is `true`
+* `port`: port to listen on. TCP listening is disabled when `socket_perm` is `true`
+* `socket_enabled`: enables listening on a socket. Not set by default
+* `socket_perm`: permissions on the socket. Defaults to `700`
+* `maxmemory`: maximum memory for the instance. Not set by default
+* `maxmemory_policy`: maxmemory-policy. Defaults to `noeviction`

files/redis@.service

@@ -0,0 +1,45 @@
+[Unit]
+Description=Advanced key-value store
+After=network.target
+Documentation=http://redis.io/documentation, man:redis-server(1)
+
+[Service]
+Type=forking
+ExecStart=/usr/bin/redis-server /etc/redis/redis-%i.conf
+ExecStop=/bin/kill -s TERM $MAINPID
+PIDFile=/run/redis/redis-%i.pid
+TimeoutStopSec=0
+Restart=always
+User=redis
+Group=redis
+RuntimeDirectory=redis
+RuntimeDirectoryMode=2755
+
+UMask=007
+PrivateTmp=yes
+LimitNOFILE=65535
+PrivateDevices=yes
+ProtectHome=yes
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/var/lib/redis-%i
+ReadWriteDirectories=-/var/log/redis
+ReadWriteDirectories=-/var/run/redis-%i
+
+NoNewPrivileges=true
+CapabilityBoundingSet=CAP_SETGID CAP_SETUID CAP_SYS_RESOURCE
+MemoryDenyWriteExecute=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectControlGroups=true
+RestrictRealtime=true
+RestrictNamespaces=true
+RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
+
+# redis-server can write to its own config file when in cluster mode so we
+# permit writing there by default. If you are not using this feature, it is
+# recommended that you replace the following lines with "ProtectSystem=full".
+ProtectSystem=full
+
+[Install]
+WantedBy=multi-user.target
+Alias=redis.service

handlers/main.yml

@@ -1,6 +1,10 @@
-- name: restart redis
+- name: restart and enable redis
   systemd:
-    name: redis
+    name: "redis@{{ item.item.name }}"
     state: restarted
     enabled: yes
+  loop: "{{ configs_changed.results }}"
+
+- name: systemd daemon reload
+  systemd:
     daemon_reload: yes

tasks/main.yml

@@ -2,4 +2,49 @@
   apt:
     pkg:
       - redis
+  register: redis_installed
 
+- name: stop default redis
+  when: redis_installed.changed
+  systemd:
+    name: redis
+    state: stopped
+
+- name: clean up default files
+  when: redis_installed.changed
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - "/etc/systemd/system/redis.service"
+    - "/etc/systemd/system/multi-user.target.wants/redis-server.service"
+    - "/etc/redis/redis.conf"
+    - "/var/lib/redis"
+
+- name: deploy redis systemd unit
+  copy:
+    src: redis@.service
+    dest: /etc/systemd/system/redis@.service
+  notify:
+    - systemd daemon reload
+
+- name: deploy redis directories
+  file:
+    path: "/var/lib/redis-{{ item.name }}"
+    state: directory
+    owner: redis
+    group: redis
+    mode: '0750'
+  loop: "{{ redis.instances }}"
+
+- name: configure redis
+  template:
+    src: redis.conf.j2
+    dest: "/etc/redis/redis-{{ item.name }}.conf"
+    owner: redis
+    group: redis
+    mode: 0640
+  loop: "{{ redis.instances }}"
+  register: configs_changed
+  notify:
+    - restart and enable redis