nixos/caddy: resync with upstream unit file

Yorick van Pelt 2020-01-23 14:07:05 +01:00
parent a605fcabae
commit 34b0167c56
No known key found for this signature in database
GPG Key ID: A36E70F9DC014A15


@ -64,32 +64,38 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
systemd.services.caddy = { systemd.services.caddy = {
description = "Caddy web server"; description = "Caddy web server";
# upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment = mkIf (versionAtLeast config.system.stateVersion "17.09") environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
{ CADDYPATH = cfg.dataDir; }; { CADDYPATH = cfg.dataDir; };
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${cfg.package}/bin/caddy -root=/var/tmp -conf=${configFile} \ ${cfg.package}/bin/caddy -log stdout -log-timestamps=false \
-root=/var/tmp -conf=${configFile} \
-ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"} -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
''; '';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
Type = "simple"; Type = "simple";
User = "caddy"; User = "caddy";
Group = "caddy"; Group = "caddy";
Restart = "on-failure"; Restart = "on-abnormal";
StartLimitInterval = 86400; StartLimitIntervalSec = 14400;
StartLimitBurst = 5; StartLimitBurst = 10;
AmbientCapabilities = "cap_net_bind_service"; AmbientCapabilities = "cap_net_bind_service";
CapabilityBoundingSet = "cap_net_bind_service"; CapabilityBoundingSet = "cap_net_bind_service";
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 64; LimitNPROC = 512;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;
PrivateTmp = true; PrivateTmp = true;
PrivateDevices = true; PrivateDevices = true;
ProtectHome = true; ProtectHome = true;
ProtectSystem = "full"; ProtectSystem = "full";
ReadWriteDirectories = cfg.dataDir; ReadWriteDirectories = cfg.dataDir;
KillMode = "mixed";
KillSignal = "SIGQUIT";
TimeoutStopSec = "5s";
}; };
}; };
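Review bot: `StartLimitIntervalSec` and `StartLimitBurst` are placed under `serviceConfig`, i.e. the `[Service]` section of the generated unit, while systemd has since moved rate-limiting to `[Unit]` and only accepts the `[Service]` spelling for compatibility, so this may be silently ignored or warned about depending on the systemd version NixOS ships. Moving them to `unitConfig.StartLimitIntervalSec = 14400;` and `unitConfig.StartLimitBurst = 10;` keeps the resync's intent (10 restarts per 4 h) without relying on the compat path; I have not verified which systemd version this module targets, so treat that as something to confirm against the installed systemd. The bare comment `# systemd-networkd-wait-online.service` next to `wants` does not say what it means; a reader would be helped by `# network-online.target only works when a wait-online service (e.g. systemd-networkd-wait-online) is enabled`. The enclosing `systemd.services.caddy` and `config` attribute sets both start and end outside the hunk.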