nixos/caddy: resync with upstream unit file
This commit is contained in:
parent
a605fcabae
commit
34b0167c56
@ -64,32 +64,38 @@ in {
|
||||
config = mkIf cfg.enable {
|
||||
systemd.services.caddy = {
|
||||
description = "Caddy web server";
|
||||
# upstream unit: https://github.com/caddyserver/caddy/blob/master/dist/init/linux-systemd/caddy.service
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ]; # systemd-networkd-wait-online.service
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
environment = mkIf (versionAtLeast config.system.stateVersion "17.09")
|
||||
{ CADDYPATH = cfg.dataDir; };
|
||||
serviceConfig = {
|
||||
ExecStart = ''
|
||||
${cfg.package}/bin/caddy -root=/var/tmp -conf=${configFile} \
|
||||
${cfg.package}/bin/caddy -log stdout -log-timestamps=false \
|
||||
-root=/var/tmp -conf=${configFile} \
|
||||
-ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
|
||||
'';
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
|
||||
ExecReload = "${pkgs.coreutils}/bin/kill -USR1 $MAINPID";
|
||||
Type = "simple";
|
||||
User = "caddy";
|
||||
Group = "caddy";
|
||||
Restart = "on-failure";
|
||||
StartLimitInterval = 86400;
|
||||
StartLimitBurst = 5;
|
||||
Restart = "on-abnormal";
|
||||
StartLimitIntervalSec = 14400;
|
||||
StartLimitBurst = 10;
|
||||
AmbientCapabilities = "cap_net_bind_service";
|
||||
CapabilityBoundingSet = "cap_net_bind_service";
|
||||
NoNewPrivileges = true;
|
||||
LimitNPROC = 64;
|
||||
LimitNPROC = 512;
|
||||
LimitNOFILE = 1048576;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
ProtectHome = true;
|
||||
ProtectSystem = "full";
|
||||
ReadWriteDirectories = cfg.dataDir;
|
||||
KillMode = "mixed";
|
||||
KillSignal = "SIGQUIT";
|
||||
TimeoutStopSec = "5s";
|
||||
};
|
||||
};
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user