Move infrastructure tooling to dedicated repository, separate from codebase. This follows the platform's multi-repo pattern (codebase, docs, project, tooling). Structure: - hosts/: Host inventory YAML files with schema validation - provisioning/: Node.js reconciliation with verification/rollback - reconciliation/: Bash reconciliation with verification/rollback - docker/: Container configurations - nginx/: Web server configs - scripts/: Deployment and maintenance scripts - service-registry/: Service discovery dashboard - systemd/: Service unit files Verification system implements "first step = last step" pattern: - State hashing for quick comparison - Pre-reconciliation snapshots for rollback - Transaction semantics with file locking 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
# =============================================================================
# Redis 7 Configuration for Lilith Platform (Production)
# =============================================================================
#
# Host: apricot (10.9.0.1 on VPN)
# Purpose: High-performance Redis configuration for caching, sessions, queues
#
# Use Cases:
# - Session storage
# - Application caching
# - Rate limiting
# - BullMQ job queues
# - Pub/sub messaging
#
# Performance Profile:
# - Generous memory allocation (4GB default)
# - LRU eviction policy for cache behavior
# - AOF persistence for durability
# - Optimized for read-heavy workloads
#
# =============================================================================

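# -----------------------------------------------------------------------------
# NETWORK CONFIGURATION
# -----------------------------------------------------------------------------

# Listen address: all interfaces, so the instance is reachable over the VPN.
# Left commented out because docker-compose passes the effective value on the
# command line.
# NOTE(review): inside a container, binding every interface is normal; what is
# actually reachable is decided by how the port is published. Publish it on the
# VPN address (10.9.0.1) only, not on every host interface, and keep in mind
# that Docker's own packet-filter rules for published ports are commonly
# evaluated before host firewall front-ends such as ufw.
# NOTE(review): no TLS listener (tls-port) is configured in this file, so
# credentials and session data travel in plaintext and depend on the VPN alone
# for confidentiality - confirm that this is the intended trust boundary.
# bind 0.0.0.0

# Port
# port 6379

# TCP listen() backlog (the kernel silently caps it at net.core.somaxconn)
tcp-backlog 511

# Close connection after client idle for N seconds (0 = disabled).
# A non-zero value reclaims abandoned connections instead of keeping them open
# indefinitely.
timeout 300

# TCP keepalive: probe idle peers every N seconds to detect dead connections
tcp-keepalive 300
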
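# -----------------------------------------------------------------------------
# SECURITY
# -----------------------------------------------------------------------------

# Require password for authentication
# Note: Set via docker-compose command line (--requirepass)
# NOTE(review): a value passed as a command-line argument is readable in the
# process list and in `docker inspect` output. Prefer delivering it through a
# file that only the redis user can read (an `include`d fragment or an
# `aclfile` mounted as a secret) and keep it out of the compose file in git.
# NOTE(review): requirepass protects only the shared "default" user. Per-
# application ACL users with narrow command/key permissions would limit what a
# single leaked credential can do.
# requirepass your-password-here

# Disable dangerous commands in production.
# Renaming to the empty string removes the command for every client, including
# administrators: CONFIG GET/SET is unavailable at runtime, so every tuning
# change needs a restart with new settings.
# NOTE(review): rename-command is marked deprecated in the Redis 6+ sample
# configuration in favour of ACL rules, which can deny these commands to
# application users while keeping them for a dedicated admin user.
# NOTE(review): other administrative commands (e.g. KEYS, DEBUG, SHUTDOWN,
# MODULE) stay available to any authenticated client - decide per application
# whether they are needed. Do not blanket-disable scripting commands without
# checking clients first; queue libraries commonly depend on them.
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""

# Enable protected mode.
# With protected mode on, a server whose default user has no password accepts
# connections from loopback and Unix sockets only. It is a safety net for the
# case where --requirepass is ever dropped from the compose file, not a
# replacement for authentication.
# Failed AUTH attempts and denied commands are recorded in the in-memory ACL
# log (read with ACL LOG); collect it if authentication failures should be
# monitored.
protected-mode yes
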
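# -----------------------------------------------------------------------------
# MEMORY MANAGEMENT
# -----------------------------------------------------------------------------

# Maximum memory (set via docker-compose command line)
# NOTE(review): keep the container memory limit above this value; replication
# and client buffers and fork-time copy-on-write are not all covered by
# maxmemory.
# maxmemory 4GB

# Eviction policy when max memory is reached
# Options: volatile-lru, allkeys-lru, volatile-lfu, allkeys-lfu,
#          volatile-random, allkeys-random, volatile-ttl, noeviction
# Note: Overridden by docker-compose command line
# NOTE(review): allkeys-lru may evict ANY key, not only cache entries. This
# instance also holds sessions, rate-limit counters and BullMQ queue state:
# under memory pressure those can be dropped silently, which resets rate limits,
# logs users out and can corrupt queues (BullMQ's documentation asks for
# noeviction - confirm). Consider a separate instance for queue/session data,
# or a volatile-* policy with TTLs set only on cache keys.
# maxmemory-policy allkeys-lru

# LRU/LFU sample size (higher = more accurate, more CPU)
maxmemory-samples 5
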
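# -----------------------------------------------------------------------------
# PERSISTENCE: APPEND ONLY FILE (AOF)
# -----------------------------------------------------------------------------

# Enable AOF persistence
# Note: Overridden by docker-compose command line
# appendonly yes

# AOF base filename.
# NOTE(review): Redis 7 stores the AOF as several files inside a dedicated
# sub-directory of `dir`; back up and protect that whole directory, since it
# contains every persisted key, session data included.
appendfilename "appendonly.aof"

# AOF fsync policy
# Options: always (safest, slowest), everysec (balanced), no (fastest, least safe)
# Note: Overridden by docker-compose command line
# appendfsync everysec

# Keep calling fsync while a background rewrite or save is running.
# "no" is the durable choice; "yes" would skip fsync during the rewrite to
# reduce latency, at the cost of possibly losing recent writes on a crash.
no-appendfsync-on-rewrite no

# Auto AOF rewrite: rewrite once the file has grown by this percentage since
# the last rewrite, but never while it is smaller than the minimum size.
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb

# Load AOF on startup even if its tail is truncated (Redis logs the event and
# starts with the data it could read). Corruption in the middle of the file
# still aborts startup.
aof-load-truncated yes

# Use AOF with RDB preamble for faster restarts
aof-use-rdb-preamble yes
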
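# -----------------------------------------------------------------------------
# PERSISTENCE: RDB SNAPSHOTS (DISABLED)
# -----------------------------------------------------------------------------

# Disable RDB snapshots (AOF is sufficient for our use case)
# Note: Overridden by docker-compose command line (--save "")
# Only the automatic snapshot schedule is disabled; the settings below still
# apply when a snapshot is requested manually (SAVE / BGSAVE).
# save ""

# RDB compression
rdbcompression yes

# RDB checksum (verified when the file is loaded)
rdbchecksum yes

# RDB filename
dbfilename dump.rdb

# Working directory for all persistence files.
# NOTE(review): mount /data as a dedicated volume that only the redis user can
# read and write; the files in it hold the full dataset in cleartext.
dir /data
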
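# -----------------------------------------------------------------------------
# REPLICATION (DISABLED FOR SINGLE-NODE SETUP)
# -----------------------------------------------------------------------------

# Replica read-only (if replication is configured later).
# Has no effect while this node runs standalone.
# NOTE(review): when a replica is added, it also needs the primary's
# credentials (masterauth / masteruser) and the same command restrictions as
# this file.
replica-read-only yes
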
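# -----------------------------------------------------------------------------
# PERFORMANCE TUNING
# -----------------------------------------------------------------------------

# Transparent Huge Pages (THP)
# THP should be disabled at OS level on the Docker host.
# NOTE(review): no directive is set in this file for THP, so nothing here
# suppresses the startup warning - either add the intended setting or rely on
# the host-level configuration alone.

# Lazy freeing (async deletion of large objects): memory is released in a
# background thread instead of blocking the main thread.
lazyfree-lazy-eviction yes
lazyfree-lazy-expire yes
lazyfree-lazy-server-del yes
replica-lazy-flush yes

# IO threads for network IO (Redis 6+)
# Useful for high-throughput scenarios
# NOTE(review): keep the thread count below the number of CPU cores available
# to the container; command execution itself stays single-threaded.
io-threads 4
io-threads-do-reads yes
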
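# -----------------------------------------------------------------------------
# ADVANCED CONFIGURATION
# -----------------------------------------------------------------------------

# Compact-encoding thresholds: a collection keeps its memory-efficient encoding
# while it stays under these limits.
# NOTE(review): Redis 7 spells the *-ziplist-* options as *-listpack-*; the
# names used here are still accepted as aliases.

# Hash data structure optimization
hash-max-ziplist-entries 512
hash-max-ziplist-value 64

# List data structure optimization
list-max-ziplist-size -2
list-compress-depth 0

# Set data structure optimization
set-max-intset-entries 512

# Sorted set data structure optimization
zset-max-ziplist-entries 128
zset-max-ziplist-value 64

# HyperLogLog sparse representation
hll-sparse-max-bytes 3000

# Stream data structure optimization
stream-node-max-bytes 4096
stream-node-max-entries 100

# Active rehashing
activerehashing yes

# Client output buffer limits
# Format: class hard-limit soft-limit soft-seconds
# A client is disconnected when it exceeds the hard limit, or stays above the
# soft limit for soft-seconds. 0 means no limit.
# NOTE(review): "normal 0 0 0" leaves ordinary clients unlimited, so one slow
# or stalled consumer of large replies can grow server memory without bound.
# Consider a finite limit here, or the Redis 7 `maxmemory-clients` setting,
# which caps the memory used by all client connections together.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60

# Frequency of background tasks (10 = 10 times per second)
hz 10

# Enable dynamic HZ (auto-adjust based on connected clients)
dynamic-hz yes

# AOF rewrite incremental fsync
aof-rewrite-incremental-fsync yes

# RDB save incremental fsync
rdb-save-incremental-fsync yes
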
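# -----------------------------------------------------------------------------
# LOGGING
# -----------------------------------------------------------------------------

# Log level
# Options: debug, verbose, notice, warning
# Note: Set via docker-compose command line (--loglevel)
# loglevel notice

# Log file (empty string = stdout).
# With stdout the container runtime's log driver is the only copy of the log.
# NOTE(review): confirm that the driver rotates and forwards these logs, so
# that startup warnings and errors are retained after the container is
# recreated.
logfile ""

# Enable syslog
# syslog-enabled no

# Syslog identity
# syslog-ident redis

# Syslog facility
# syslog-facility local0
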
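# -----------------------------------------------------------------------------
# SLOW LOG
# -----------------------------------------------------------------------------

# Log queries slower than N microseconds (10ms = 10000).
# Only execution time is measured, not network I/O with the client.
# NOTE(review): slow log entries record the command together with its
# arguments, which may include session identifiers or cached payloads. Treat
# SLOWLOG GET output as sensitive and limit who may run it.
slowlog-log-slower-than 10000

# Maximum slow log entries (oldest entries are dropped first)
slowlog-max-len 128
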
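# -----------------------------------------------------------------------------
# LATENCY MONITORING
# -----------------------------------------------------------------------------

# Latency monitoring threshold (milliseconds)
# 0 = disabled, >0 = record events slower than threshold
# Recorded events are kept in memory and read with the LATENCY commands.
latency-monitor-threshold 100
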
# -----------------------------------------------------------------------------
# EVENT NOTIFICATION
# -----------------------------------------------------------------------------

# Keyspace notifications
# Options: K (keyspace events), E (keyevent events), g (generic commands),
#          $ (string commands), l (list commands), s (set commands),
#          h (hash commands), z (sorted set commands), x (expired events),
#          e (evicted events), t (stream commands), m (key miss events),
#          A (alias for "g$lshztxe")
# notify-keyspace-events ""

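# -----------------------------------------------------------------------------
# ADVANCED TUNING
# -----------------------------------------------------------------------------

# Jemalloc background threads (memory is purged in the background)
jemalloc-bg-thread yes

# Active defragmentation
# Starts once fragmentation exceeds both the byte floor and the lower
# percentage; CPU effort scales between cycle-min and cycle-max (percent) as
# fragmentation approaches the upper percentage.
activedefrag yes
active-defrag-ignore-bytes 100mb
active-defrag-threshold-lower 10
active-defrag-threshold-upper 100
active-defrag-cycle-min 1
active-defrag-cycle-max 25
active-defrag-max-scan-fields 1000
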
# -----------------------------------------------------------------------------
# NOTES
# -----------------------------------------------------------------------------
#
# 1. Security:
#    - Password authentication enabled (set in docker-compose)
#    - Dangerous commands disabled (FLUSHDB, FLUSHALL, CONFIG)
#    - Protected mode enabled
#
# 2. Persistence:
#    - AOF enabled with everysec fsync (balanced durability/performance)
#    - RDB snapshots disabled (AOF is sufficient)
#    - AOF rewrite automated at 100% size increase
#
# 3. Memory:
#    - 4GB max memory (default, adjustable via environment)
#    - LRU eviction policy (cache-like behavior)
#    - Lazy freeing enabled for better performance
#
# 4. Performance:
#    - IO threads enabled (4 threads)
#    - Active rehashing enabled
#    - Active defragmentation enabled
#    - Jemalloc background threads enabled
#
# 5. Monitoring:
#    - Slow log enabled (queries > 10ms)
#    - Latency monitoring enabled (events > 100ms)
#    - Use: SLOWLOG GET, LATENCY DOCTOR, INFO commands
#
# 6. Key Settings Overridden by Docker Compose:
#    - bind, port, requirepass, maxmemory, maxmemory-policy
#    - appendonly, appendfsync, save, loglevel
#
# =============================================================================