mirror of https://gitlab.com/curben/blog
post(nixos): add systemd start-rate limit for older nixos
This commit is contained in:
parent
1cb712b5e3
commit
778247fff6
|
@ -101,7 +101,8 @@ in {
|
||||||
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
||||||
{ CADDYPATH = cfg.dataDir; };
|
{ CADDYPATH = cfg.dataDir; };
|
||||||
startLimitIntervalSec = 86400;
|
startLimitIntervalSec = 86400;
|
||||||
startLimitBurst = 5;
|
# 20.09+
|
||||||
|
# startLimitBurst = 5;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
||||||
|
@ -111,6 +112,8 @@ in {
|
||||||
User = "caddyProxy";
|
User = "caddyProxy";
|
||||||
Group = "caddyProxy";
|
Group = "caddyProxy";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
# <= 20.03
|
||||||
|
StartLimitBurst = 5;
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
LimitNPROC = 64;
|
LimitNPROC = 64;
|
||||||
LimitNOFILE = 1048576;
|
LimitNOFILE = 1048576;
|
||||||
|
|
|
@ -80,23 +80,19 @@ in {
|
||||||
environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2)
|
environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2)
|
||||||
{ CADDYPATH = cfg.dataDir; };
|
{ CADDYPATH = cfg.dataDir; };
|
||||||
startLimitIntervalSec = 86400;
|
startLimitIntervalSec = 86400;
|
||||||
startLimitBurst = 5;
|
# 20.09+
|
||||||
|
# startLimitBurst = 5;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = if isCaddy2 then ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}
|
|
||||||
'' else ''
|
|
||||||
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
||||||
'';
|
'';
|
||||||
ExecReload = if isCaddy2 then ''
|
|
||||||
${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}
|
|
||||||
'' else ''
|
|
||||||
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
|
|
||||||
'';
|
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "caddy";
|
User = "caddyProxy";
|
||||||
Group = "caddy";
|
Group = "caddyProxy";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
# <= 20.03
|
||||||
|
StartLimitBurst = 5;
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
LimitNPROC = 64;
|
LimitNPROC = 64;
|
||||||
LimitNOFILE = 1048576;
|
LimitNOFILE = 1048576;
|
||||||
|
|
|
@ -149,16 +149,19 @@ in {
|
||||||
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
||||||
{ CADDYPATH = cfg.dataDir; };
|
{ CADDYPATH = cfg.dataDir; };
|
||||||
startLimitIntervalSec = 86400;
|
startLimitIntervalSec = 86400;
|
||||||
startLimitBurst = 5;
|
# 20.09+
|
||||||
|
# startLimitBurst = 5;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
||||||
'';
|
'';
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "caddyI2p";
|
User = "caddyProxy";
|
||||||
Group = "caddyI2p";
|
Group = "caddyProxy";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
# <= 20.03
|
||||||
|
StartLimitBurst = 5;
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
LimitNPROC = 64;
|
LimitNPROC = 64;
|
||||||
LimitNOFILE = 1048576;
|
LimitNOFILE = 1048576;
|
||||||
|
|
|
@ -124,16 +124,19 @@ in {
|
||||||
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
||||||
{ CADDYPATH = cfg.dataDir; };
|
{ CADDYPATH = cfg.dataDir; };
|
||||||
startLimitIntervalSec = 86400;
|
startLimitIntervalSec = 86400;
|
||||||
startLimitBurst = 5;
|
# 20.09+
|
||||||
|
# startLimitBurst = 5;
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = ''
|
ExecStart = ''
|
||||||
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
|
||||||
'';
|
'';
|
||||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
User = "caddyTor";
|
User = "caddyProxy";
|
||||||
Group = "caddyTor";
|
Group = "caddyProxy";
|
||||||
Restart = "on-failure";
|
Restart = "on-failure";
|
||||||
|
# <= 20.03
|
||||||
|
StartLimitBurst = 5;
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
LimitNPROC = 64;
|
LimitNPROC = 64;
|
||||||
LimitNOFILE = 1048576;
|
LimitNOFILE = 1048576;
|
||||||
|
|
Loading…
Reference in New Issue