diff options
author | Florian Klink <flokli@flokli.de> | 2020-02-13 23:26:11 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-13 23:26:11 +0100 |
commit | 7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba (patch) | |
tree | 2e33add3335eaaf1911824d73fd50d98274527ea | |
parent | a3779ce53a6d97059b8308abbbf6316a24c54431 (diff) | |
parent | 34b0167c56b3262f39a250fada3608dcf5150649 (diff) | |
download | nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.tar nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.tar.gz nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.tar.bz2 nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.tar.lz nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.tar.xz nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.tar.zst nixlib-7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba.zip |
Merge pull request #78360 from serokell/mkaito/caddy-restart
nixos/caddy: resync with upstream unit file
-rw-r--r-- | nixos/modules/services/web-servers/caddy.nix | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix index 132c50735d96..0e6e10a5f47d 100644 --- a/nixos/modules/services/web-servers/caddy.nix +++ b/nixos/modules/services/web-servers/caddy.nix @@ -64,32 +64,38 @@ in { config = mkIf cfg.enable { systemd.services.caddy = { description = "Caddy web server"; + # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service after = [ "network-online.target" ]; + wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service wantedBy = [ "multi-user.target" ]; environment = mkIf (versionAtLeast config.system.stateVersion "17.09") { CADDYPATH = cfg.dataDir; }; serviceConfig = { ExecStart = '' - ${cfg.package}/bin/caddy -root=/var/tmp -conf=${configFile} \ + ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \ + -root=/var/tmp -conf=${configFile} \ -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} ''; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID"; Type = "simple"; User = "caddy"; Group = "caddy"; - Restart = "on-failure"; - StartLimitInterval = 86400; - StartLimitBurst = 5; + Restart = "on-abnormal"; + StartLimitIntervalSec = 14400; + StartLimitBurst = 10; AmbientCapabilities = "cap_net_bind_service"; CapabilityBoundingSet = "cap_net_bind_service"; NoNewPrivileges = true; - LimitNPROC = 64; + LimitNPROC = 512; LimitNOFILE = 1048576; PrivateTmp = true; PrivateDevices = true; ProtectHome = true; ProtectSystem = "full"; ReadWriteDirectories = cfg.dataDir; + KillMode = "mixed"; + KillSignal = "SIGQUIT"; + TimeoutStopSec = "5s"; }; }; |