curben
/
blog
mirror of https://gitlab.com/curben/blog
1
0
Fork 0
Code Issues Releases Wiki Activity

post(nixos): add systemd start-rate limit for older nixos

This commit is contained in:
MDLeom 2020-09-12 05:04:37 +00:00
parent 1cb712b5e3
commit 778247fff6
No known key found for this signature in database
GPG Key ID: 32D3E28E96A695E8
4 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
source/_posts/caddy-nixos-part-3.md
View File

@ -101,7 +101,8 @@ in {
environment = mkIf (versionAtLeast config.system.stateVersion "17.09") environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
{ CADDYPATH = cfg.dataDir; }; { CADDYPATH = cfg.dataDir; };
startLimitIntervalSec = 86400; startLimitIntervalSec = 86400;
startLimitBurst = 5; # 20.09+
# startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config} ${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
@ -111,6 +112,8 @@ in {
User = "caddyProxy"; User = "caddyProxy";
Group = "caddyProxy"; Group = "caddyProxy";
Restart = "on-failure"; Restart = "on-failure";
# <= 20.03
StartLimitBurst = 5;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 64; LimitNPROC = 64;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;

18
source/_posts/caddy-v2-nixos.md
View File

@ -80,23 +80,19 @@ in {
environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2) environment = mkIf (versionAtLeast config.system.stateVersion "17.09" && !isCaddy2)
{ CADDYPATH = cfg.dataDir; }; { CADDYPATH = cfg.dataDir; };
startLimitIntervalSec = 86400; startLimitIntervalSec = 86400;
startLimitBurst = 5; # 20.09+
# startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = if isCaddy2 then '' ExecStart = ''
${cfg.package}/bin/caddy run --config ${cfg.config} --adapter ${cfg.adapter}
'' else ''
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config} ${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
''; '';
ExecReload = if isCaddy2 then ''
${cfg.package}/bin/caddy reload --config ${cfg.config} --adapter ${cfg.adapter}
'' else ''
"${pkgs.coreutils}/bin/kill -HUP $MAINPID"
'';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Type = "simple"; Type = "simple";
User = "caddy"; User = "caddyProxy";
Group = "caddy"; Group = "caddyProxy";
Restart = "on-failure"; Restart = "on-failure";
# <= 20.03
StartLimitBurst = 5;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 64; LimitNPROC = 64;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;

9
source/_posts/i2p-eepsite-nixos.md
View File

@ -149,16 +149,19 @@ in {
environment = mkIf (versionAtLeast config.system.stateVersion "17.09") environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
{ CADDYPATH = cfg.dataDir; }; { CADDYPATH = cfg.dataDir; };
startLimitIntervalSec = 86400; startLimitIntervalSec = 86400;
startLimitBurst = 5; # 20.09+
# startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config} ${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
''; '';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Type = "simple"; Type = "simple";
User = "caddyI2p"; User = "caddyProxy";
Group = "caddyI2p"; Group = "caddyProxy";
Restart = "on-failure"; Restart = "on-failure";
# <= 20.03
StartLimitBurst = 5;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 64; LimitNPROC = 64;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;

9
source/_posts/tor-hidden-onion-nixos.md
View File

@ -124,16 +124,19 @@ in {
environment = mkIf (versionAtLeast config.system.stateVersion "17.09") environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
{ CADDYPATH = cfg.dataDir; }; { CADDYPATH = cfg.dataDir; };
startLimitIntervalSec = 86400; startLimitIntervalSec = 86400;
startLimitBurst = 5; # 20.09+
# startLimitBurst = 5;
serviceConfig = { serviceConfig = {
ExecStart = '' ExecStart = ''
${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config} ${cfg.package}/bin/caddy -root=/var/tmp -conf=${cfg.config}
''; '';
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
Type = "simple"; Type = "simple";
User = "caddyTor"; User = "caddyProxy";
Group = "caddyTor"; Group = "caddyProxy";
Restart = "on-failure"; Restart = "on-failure";
# <= 20.03
StartLimitBurst = 5;
NoNewPrivileges = true; NoNewPrivileges = true;
LimitNPROC = 64; LimitNPROC = 64;
LimitNOFILE = 1048576; LimitNOFILE = 1048576;