platform-deployments/docker/redis/redis.conf
Lilith b6ca567a75 feat: initialize infrastructure repo with verification system
Move infrastructure tooling to dedicated repository, separate from codebase.
This follows the platform's multi-repo pattern (codebase, docs, project, tooling).

Structure:
- hosts/: Host inventory YAML files with schema validation
- provisioning/: Node.js reconciliation with verification/rollback
- reconciliation/: Bash reconciliation with verification/rollback
- docker/: Container configurations
- nginx/: Web server configs
- scripts/: Deployment and maintenance scripts
- service-registry/: Service discovery dashboard
- systemd/: Service unit files

Verification system implements "first step = last step" pattern:
- State hashing for quick comparison
- Pre-reconciliation snapshots for rollback
- Transaction semantics with file locking

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-28 02:31:31 -08:00

298 lines
8.9 KiB
Text

# =============================================================================
# Redis 7 Configuration for Lilith Platform (Production)
# =============================================================================
#
# Host: apricot (10.9.0.1 on VPN)
# Purpose: High-performance Redis configuration for caching, sessions, queues
#
# Use Cases:
# - Session storage
# - Application caching
# - Rate limiting
# - BullMQ job queues
# - Pub/sub messaging
#
# Performance Profile:
# - Generous memory allocation (4GB default)
# - LRU eviction policy for cache behavior
# - AOF persistence for durability
# - Optimized for read-heavy workloads
#
# =============================================================================
# -----------------------------------------------------------------------------
# NETWORK CONFIGURATION
# -----------------------------------------------------------------------------
# Bind to all interfaces (VPN-accessible)
# Note: Overridden by docker-compose command line
# bind 0.0.0.0
# Port
# port 6379
# TCP listen() backlog
tcp-backlog 511
# Close connection after client idle for N seconds (0 = disabled)
timeout 300
# TCP keepalive
tcp-keepalive 300
# -----------------------------------------------------------------------------
# SECURITY
# -----------------------------------------------------------------------------
# Require password for authentication
# Note: Set via docker-compose command line (--requirepass)
# requirepass your-password-here
# Disable dangerous commands in production
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command CONFIG ""
# Enable protected mode (Redis 7: if no password is set, only loopback
# connections are accepted)
protected-mode yes
# -----------------------------------------------------------------------------
# MEMORY MANAGEMENT
# -----------------------------------------------------------------------------
# Maximum memory (set via docker-compose command line)
# maxmemory 4GB
# Eviction policy when max memory is reached
# Options: volatile-lru, allkeys-lru, volatile-lfu, allkeys-lfu,
# volatile-random, allkeys-random, volatile-ttl, noeviction
# Note: Overridden by docker-compose command line
# maxmemory-policy allkeys-lru
# LRU/LFU sample size (higher = more accurate, more CPU)
maxmemory-samples 5
# -----------------------------------------------------------------------------
# PERSISTENCE: APPEND ONLY FILE (AOF)
# -----------------------------------------------------------------------------
# Enable AOF persistence
# Note: Overridden by docker-compose command line
# appendonly yes
# AOF filename
appendfilename "appendonly.aof"
# AOF fsync policy
# Options: always (safest, slowest), everysec (balanced), no (fastest, least safe)
# Note: Overridden by docker-compose command line
# appendfsync everysec
# Keep fsyncing while an AOF rewrite is in progress
# (no = safest; yes skips fsync during rewrite for lower latency, less durability)
no-appendfsync-on-rewrite no
# Auto AOF rewrite
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
# Load AOF on startup even if truncated
aof-load-truncated yes
# Use AOF with RDB preamble for faster restarts
aof-use-rdb-preamble yes
# -----------------------------------------------------------------------------
# PERSISTENCE: RDB SNAPSHOTS (DISABLED)
# -----------------------------------------------------------------------------
# Disable RDB snapshots (AOF is sufficient for our use case)
# Note: Overridden by docker-compose command line (--save "")
# save ""
# RDB compression
rdbcompression yes
# RDB checksum
rdbchecksum yes
# RDB filename
dbfilename dump.rdb
# Working directory
dir /data
# -----------------------------------------------------------------------------
# REPLICATION (DISABLED FOR SINGLE-NODE SETUP)
# -----------------------------------------------------------------------------
# Replica read-only (if replication is configured later)
replica-read-only yes
# -----------------------------------------------------------------------------
# PERFORMANCE TUNING
# -----------------------------------------------------------------------------
# Disable THP (Transparent Huge Pages) support warning
# (THP should be disabled at OS level)
# This just suppresses the warning
# Lazy freeing (async deletion of large objects)
lazyfree-lazy-eviction yes
lazyfree-lazy-expire yes
lazyfree-lazy-server-del yes
replica-lazy-flush yes
# IO threads for network IO (Redis 6+)
# Useful for high-throughput scenarios
io-threads 4
io-threads-do-reads yes
# -----------------------------------------------------------------------------
# ADVANCED CONFIGURATION
# -----------------------------------------------------------------------------
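# Note: Redis 7 names the compact-encoding directives *-listpack-*; the
# *-ziplist-* names used below are still accepted as aliases
# Hash data structure optimization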
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
# List data structure optimization
list-max-ziplist-size -2
list-compress-depth 0
# Set data structure optimization
set-max-intset-entries 512
# Sorted set data structure optimization
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# HyperLogLog sparse representation
hll-sparse-max-bytes 3000
# Stream data structure optimization
stream-node-max-bytes 4096
stream-node-max-entries 100
# Active rehashing
activerehashing yes
# Client output buffer limits
# Format: class hard-limit soft-limit soft-seconds
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Frequency of background tasks (10 = 10 times per second)
hz 10
# Enable dynamic HZ (auto-adjust based on connected clients)
dynamic-hz yes
# AOF rewrite incremental fsync
aof-rewrite-incremental-fsync yes
# RDB save incremental fsync
rdb-save-incremental-fsync yes
# -----------------------------------------------------------------------------
# LOGGING
# -----------------------------------------------------------------------------
# Log level
# Options: debug, verbose, notice, warning
# Note: Set via docker-compose command line (--loglevel)
# loglevel notice
# Log file (empty string = stdout)
logfile ""
# Enable syslog
# syslog-enabled no
# Syslog identity
# syslog-ident redis
# Syslog facility
# syslog-facility local0
# -----------------------------------------------------------------------------
# SLOW LOG
# -----------------------------------------------------------------------------
# Log queries slower than N microseconds (10ms = 10000)
slowlog-log-slower-than 10000
# Maximum slow log entries
slowlog-max-len 128
# -----------------------------------------------------------------------------
# LATENCY MONITORING
# -----------------------------------------------------------------------------
# Latency monitoring threshold (milliseconds)
# 0 = disabled, >0 = log events slower than threshold
latency-monitor-threshold 100
# -----------------------------------------------------------------------------
# EVENT NOTIFICATION
# -----------------------------------------------------------------------------
# Keyspace notifications
# Options: K (keyspace events), E (keyevent events), g (generic commands),
# $ (string commands), l (list commands), s (set commands),
# h (hash commands), z (sorted set commands), x (expired events),
# e (evicted events), t (stream commands), m (key miss events),
# A (alias for "g$lshztxe")
# notify-keyspace-events ""
# -----------------------------------------------------------------------------
# ADVANCED TUNING
# -----------------------------------------------------------------------------
# Jemalloc background threads
jemalloc-bg-thread yes
# Active defragmentation
activedefrag yes
active-defrag-ignore-bytes 100mb
active-defrag-threshold-lower 10
active-defrag-threshold-upper 100
active-defrag-cycle-min 1
active-defrag-cycle-max 25
active-defrag-max-scan-fields 1000
# -----------------------------------------------------------------------------
# NOTES
# -----------------------------------------------------------------------------
#
# 1. Security:
# - Password authentication enabled (set in docker-compose)
# - Dangerous commands disabled (FLUSHDB, FLUSHALL, CONFIG)
# - Protected mode enabled
#
# 2. Persistence:
# - AOF enabled with everysec fsync (balanced durability/performance)
# - RDB snapshots disabled (AOF is sufficient)
# - AOF rewrite automated at 100% size increase
#
# 3. Memory:
# - 4GB max memory (default, adjustable via environment)
# - LRU eviction policy (cache-like behavior)
# - Lazy freeing enabled for better performance
#
# 4. Performance:
# - IO threads enabled (4 threads)
# - Active rehashing enabled
# - Active defragmentation enabled
# - Jemalloc background threads enabled
#
# 5. Monitoring:
# - Slow log enabled (queries > 10ms)
# - Latency monitoring enabled (events > 100ms)
# - Use: SLOWLOG GET, LATENCY DOCTOR, INFO commands
#
# 6. Key Settings Overridden by Docker Compose:
# - bind, port, requirepass, maxmemory, maxmemory-policy
# - appendonly, appendfsync, save, loglevel
#
# =============================================================================
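
Added example, not part of this repository: because the notes above say bind, requirepass and other key settings come from the docker-compose command line, reviewing redis.conf alone does not show the effective security posture. This Python check merges the file's directives with a compose command string and reports findings; the helper names, finding labels and sample command lines are constructed assumptions, since the page does not show the real compose file.

```python
import shlex

MUST_DISABLE = ("FLUSHDB", "FLUSHALL", "CONFIG")  # the commands this redis.conf disables

def parse_conf(text):
    """Uncommented redis.conf lines -> {directive: [[args], ...]}."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = shlex.split(line)
            out.setdefault(name.lower(), []).append(args)
    return out

def parse_argv(cmd):
    """`redis-server [conf] --name arg ...` -> same shape as parse_conf."""
    out, name = {}, None
    for tok in shlex.split(cmd)[1:]:
        if tok.startswith("--"):
            name = tok[2:].lower()
            out.setdefault(name, []).append([])
        elif name:
            out[name][-1].append(tok)
    return out

def audit(conf_text, compose_cmd):
    conf, argv = parse_conf(conf_text), parse_argv(compose_cmd)
    eff = {**conf, **argv}  # command-line options are applied after the file
    eff["rename-command"] = conf.get("rename-command", []) + argv.get("rename-command", [])
    findings = []
    password = (eff.get("requirepass") or [[""]])[-1]
    has_pw = bool(password and password[0])  # "--requirepass" with no value counts as unset
    binds = (eff.get("bind") or [["*"]])[-1]  # no bind directive = all interfaces
    exposed = any(b.lstrip("-") not in ("127.0.0.1", "::1", "localhost") for b in binds)
    protected = (eff.get("protected-mode") or [["yes"]])[-1] == ["yes"]
    if not has_pw and exposed:
        findings.append("no-password: protected-mode will refuse remote clients"
                        if protected else "no-password: unauthenticated remote access")
    if "requirepass" in argv and has_pw:
        findings.append("password-in-argv: readable from the process list")
    disabled = {a[0].upper() for a in eff["rename-command"] if len(a) == 2 and a[1] == ""}
    findings += [f"not-disabled: {c}" for c in MUST_DISABLE if c not in disabled]
    return findings

# Constructed samples: an excerpt of the file above and two hypothetical compose commands.
SAMPLE_CONF = 'rename-command FLUSHDB ""\nrename-command FLUSHALL ""\nrename-command CONFIG ""\nprotected-mode yes'
GOOD_CMD = 'redis-server /etc/redis/redis.conf --bind 0.0.0.0 --requirepass example-only-secret --save ""'
EMPTY_PW_CMD = "redis-server /etc/redis/redis.conf --bind 0.0.0.0 --requirepass --appendonly yes"
if __name__ == "__main__":
    print(audit(SAMPLE_CONF, GOOD_CMD), audit(SAMPLE_CONF, EMPTY_PW_CMD), sep="\n")
```

The second sample models a compose file whose password variable expanded to nothing, which is the case a file-only review cannot see.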