switch to unix socket socket for redis

nftables-social.conf

@@ -48,16 +48,13 @@ table inet filter {
     }
 
     chain output-internal {
-        skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 th dport != {3000, 4000, 6379} accept
-        skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th sport != {3000, 4000, 6379} th dport 53 accept
+        skuid unbound meta l4proto {tcp, udp} th sport 53 th dport >= 1024 th dport != {3000, 4000} accept
+        skuid {chrony, mastodon} meta l4proto {tcp, udp} th sport >= 1024 th sport != {3000, 4000} th dport 53 accept
 
-        skuid postgres udp sport >= 1024 udp sport != {3000, 4000, 6379} udp dport >= 1024 udp dport != {3000, 4000, 6379} accept
+        skuid postgres udp sport >= 1024 udp sport != {3000, 4000} udp dport >= 1024 udp dport != {3000, 4000} accept
 
-        skuid mastodon tcp sport {3000, 4000, 6379} tcp dport >= 1024 tcp dport != {3000, 4000, 6379} accept
-        skuid http tcp sport >= 1024 tcp sport != {3000, 4000, 6379} tcp dport {3000, 4000, 6379} accept
-
-        skuid redis tcp sport 6379 tcp dport >= 1024 tcp dport != {3000, 4000, 6379} accept
-        skuid mastodon tcp sport >= 1024 tcp sport != {3000, 4000, 6379} tcp dport 6379 accept
+        skuid mastodon tcp sport {3000, 4000} tcp dport >= 1024 tcp dport != {3000, 4000} accept
+        skuid http tcp sport >= 1024 tcp sport != {3000, 4000} tcp dport {3000, 4000} accept
 
         skuid != root counter goto output-reject
         accept

unbound.conf

@@ -10,7 +10,6 @@ server:
     outgoing-port-permit: 1024-65535
     outgoing-port-avoid: 3000 # mastodon web
     outgoing-port-avoid: 4000 # mastodon streaming
-    outgoing-port-avoid: 6379 # redis
     outgoing-port-avoid: 7275 # supl
     outgoing-port-avoid: 8008 # synapse
     outgoing-port-avoid: 8080 # attestation