# Valkey Configuration - Generated by Ansible # rick-infra Valkey Infrastructure Role # # This configuration provides a secure, performant Valkey instance # for use by multiple applications on the same host. # ================================================================= # Network Configuration # ================================================================= # Bind to localhost only for security (like PostgreSQL) bind {{ valkey_bind }} # Valkey port port {{ valkey_port }} {% if valkey_unix_socket_enabled %} # Unix Socket Configuration unixsocket {{ valkey_unix_socket_path }} unixsocketperm {{ valkey_unix_socket_perm }} # Enable both TCP and Unix socket (for compatibility during transition) # To disable TCP completely, comment out the port line above {% endif %} # Protected mode - requires authentication protected-mode {{ 'yes' if valkey_protected_mode else 'no' }} # Connection timeout timeout {{ valkey_timeout }} # TCP listen backlog tcp-backlog {{ valkey_tcp_backlog }} # TCP keepalive tcp-keepalive {{ valkey_tcp_keepalive }} # ================================================================= # Authentication # ================================================================= # Require password for all operations requirepass {{ valkey_password }} # ================================================================= # Memory Management # ================================================================= # Maximum memory usage maxmemory {{ valkey_maxmemory }} # Eviction policy when max memory is reached maxmemory-policy {{ valkey_maxmemory_policy }} # ================================================================= # Persistence Configuration # ================================================================= # Working directory for RDB files dir /var/lib/valkey {% if valkey_save_enabled %} # RDB persistence - save snapshots {% for interval in valkey_save_intervals %} save {{ interval }} {% endfor %} # RDB file compression and checksums rdbcompression {{ 'yes' if valkey_rdbcompression else 'no' }} rdbchecksum {{ 'yes' if valkey_rdbchecksum else 'no' }} {% else %} # RDB persistence disabled save "" {% endif %} # AOF persistence appendonly {{ 'yes' if valkey_appendonly else 'no' }} # ================================================================= # Database Configuration # ================================================================= # Number of databases (0 to databases-1) databases {{ valkey_databases }} # ================================================================= # Logging Configuration # ================================================================= # Log level loglevel {{ valkey_loglevel }} # Syslog integration {% if valkey_syslog_enabled %} syslog-enabled yes syslog-ident {{ valkey_syslog_ident }} {% endif %} # ================================================================= # Security Settings # ================================================================= # Disable dangerous commands rename-command FLUSHDB "" rename-command FLUSHALL "" rename-command KEYS "" rename-command CONFIG "" rename-command SHUTDOWN VALKEY_SHUTDOWN rename-command DEBUG "" rename-command EVAL "" # ================================================================= # Performance Tuning # ================================================================= # Disable automatic rehashing for better performance activerehashing yes # Client output buffer limits for normal clients client-output-buffer-limit normal 0 0 0 # Client output buffer limits for replica clients client-output-buffer-limit replica 256mb 64mb 60 # Client output buffer limits for pubsub clients client-output-buffer-limit pubsub 32mb 8mb 60 # ================================================================= # Application Notes # ================================================================= # # Applications should use different database numbers: # - Database 0: Reserved for system/testing # - Database 1: Authentik (sessions, cache) # - Database 2: Nextcloud (sessions, file locking, cache) # - Database 3+: Future applications # # Connection example: # redis-cli -h {{ valkey_bind }} -p {{ valkey_port }} -a {{ valkey_password }} -n 1