Merge pull request #78360 from serokell/mkaito/caddy-restart

nixos/caddy: resync with upstream unit file
author: Florian Klink <flokli@flokli.de> 2020-02-13 23:26:11 +0100
committer: GitHub <noreply@github.com> 2020-02-13 23:26:11 +0100
commit: 7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba (patch)
tree: 2e33add3335eaaf1911824d73fd50d98274527ea /nixos/modules
parent: a3779ce53a6d97059b8308abbbf6316a24c54431 (diff)
parent: 34b0167c56b3262f39a250fada3608dcf5150649 (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/nixos/modules/services/web-servers/caddy.nix b/nixos/modules/services/web-servers/caddy.nix
index 132c50735d96..0e6e10a5f47d 100644
--- a/nixos/modules/services/web-servers/caddy.nix
+++ b/nixos/modules/services/web-servers/caddy.nix
@@ -64,32 +64,38 @@ in {
   config = mkIf cfg.enable {
     systemd.services.caddy = {
       description = "Caddy web server";
+      # upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service
       after = [ "network-online.target" ];
+      wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
       wantedBy = [ "multi-user.target" ];
       environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
         { CADDYPATH = cfg.dataDir; };
       serviceConfig = {
         ExecStart = ''
-          ${cfg.package}/bin/caddy -root=/var/tmp -conf=${configFile} \
+          ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \
+            -root=/var/tmp -conf=${configFile} \
             -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
         '';
-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+        ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
         Type = "simple";
         User = "caddy";
         Group = "caddy";
-        Restart = "on-failure";
-        StartLimitInterval = 86400;
-        StartLimitBurst = 5;
+        Restart = "on-abnormal";
+        StartLimitIntervalSec = 14400;
+        StartLimitBurst = 10;
         AmbientCapabilities = "cap_net_bind_service";
         CapabilityBoundingSet = "cap_net_bind_service";
         NoNewPrivileges = true;
-        LimitNPROC = 64;
+        LimitNPROC = 512;
         LimitNOFILE = 1048576;
         PrivateTmp = true;
         PrivateDevices = true;
         ProtectHome = true;
         ProtectSystem = "full";
         ReadWriteDirectories = cfg.dataDir;
+        KillMode = "mixed";
+        KillSignal = "SIGQUIT";
+        TimeoutStopSec = "5s";
       };
     };
author	Florian Klink <flokli@flokli.de>	2020-02-13 23:26:11 +0100
committer	GitHub <noreply@github.com>	2020-02-13 23:26:11 +0100
commit	7564f4faf3a0b8e5a5798ea6b5b7c1c43a8e3eba (patch)
tree	2e33add3335eaaf1911824d73fd50d98274527ea /nixos/modules
parent	a3779ce53a6d97059b8308abbbf6316a24c54431 (diff)
parent	34b0167c56b3262f39a250fada3608dcf5150649 (diff)