nixos/caddy: resync with upstream unit file

author: Yorick van Pelt <yorick@yorickvanpelt.nl> 2020-01-23 14:07:05 +0100
committer: Yorick van Pelt <yorick@yorickvanpelt.nl> 2020-01-23 14:08:37 +0100
commit: 34b0167c56b3262f39a250fada3608dcf5150649 (patch)
tree: 2199a4d25b011859308eca1871192d98b6099cbd /nixos
parent: a605fcabae350b4106bfa75102bee64c1bddec3f (diff)
download: nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar
nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.gz
nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.bz2
nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.lz
nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.xz
nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.zst
nixlib-34b0167c56b3262f39a250fada3608dcf5150649.zip
1 files changed, 12 insertions, 6 deletions
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix
index 132c50735d96..0e6e10a5f47d 100644
--- a/nixos/modules/services/web-servers/caddy.nix
+++ b/nixos/modules/services/web-servers/caddy.nix
@@ -64,32 +64,38 @@ in {
   config = mkIf cfg.enable {
     systemd.services.caddy = {
       description = "Caddy web server";
+      # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service
       after = [ "network-online.target" ];
+      wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
       wantedBy = [ "multi-user.target" ];
       environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
         { CADDYPATH = cfg.dataDir; };
       serviceConfig = {
         ExecStart = ''
-          ${cfg.package}/bin/caddy -root=/var/tmp -conf=${configFile} \
+          ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \
+            -root=/var/tmp -conf=${configFile} \
             -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
         '';
-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
         Type = "simple";
         User = "caddy";
         Group = "caddy";
-        Restart = "on-failure";
-        StartLimitInterval = 86400;
-        StartLimitBurst = 5;
+        Restart = "on-abnormal";
+        StartLimitIntervalSec = 14400;
+        StartLimitBurst = 10;
         AmbientCapabilities = "cap_net_bind_service";
         CapabilityBoundingSet = "cap_net_bind_service";
         NoNewPrivileges = true;
-        LimitNPROC = 64;
+        LimitNPROC = 512;
         LimitNOFILE = 1048576;
         PrivateTmp = true;
         PrivateDevices = true;
         ProtectHome = true;
         ProtectSystem = "full";
         ReadWriteDirectories = cfg.dataDir;
+        KillMode = "mixed";
+        KillSignal = "SIGQUIT";
+        TimeoutStopSec = "5s";
       };
     };
author	Yorick van Pelt <yorick@yorickvanpelt.nl>	2020-01-23 14:07:05 +0100
committer	Yorick van Pelt <yorick@yorickvanpelt.nl>	2020-01-23 14:08:37 +0100
commit	34b0167c56b3262f39a250fada3608dcf5150649 (patch)
tree	2199a4d25b011859308eca1871192d98b6099cbd /nixos
parent	a605fcabae350b4106bfa75102bee64c1bddec3f (diff)
download	nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.gz nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.bz2 nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.lz nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.xz nixlib-34b0167c56b3262f39a250fada3608dcf5150649.tar.zst nixlib-34b0167c56b3262f39a250fada3608dcf5150649.zip