diff options
author | lf- <lf-@users.noreply.github.com> | 2020-09-09 00:31:27 -0700 |
---|---|---|
committer | lf- <lf-@users.noreply.github.com> | 2020-10-31 01:35:56 -0700 |
commit | b37bbca521556d30e564896eea56b41d63324fdf (patch) | |
tree | dff16af1c82314e010a1350c263d2f97426c16c9 /nixos/modules/services/web-servers/traefik.nix | |
parent | 2df221ec8a95566ba771f102fd421c12b41d875c (diff) |
nixos/modules: fix systemd start rate-limits
These were broken since 2016: https://github.com/systemd/systemd/commit/f0367da7d1a61ad698a55d17b5c28ddce0dc265a since StartLimitIntervalSec got moved into [Unit] from [Service]. StartLimitBurst has also been moved accordingly, so let's fix that one too. NixOS systems have been producing logs such as: /nix/store/wf98r55aszi1bkmln1lvdbp7znsfr70i-unit-caddy.service/caddy.service:31: Unknown key name 'StartLimitIntervalSec' in section 'Service', ignoring. I have also removed some unnecessary duplication in units disabling rate limiting since setting either interval or burst to zero disables it (https://github.com/systemd/systemd/blob/ad16158c10dfc3258831a9ff2f1a988214f51653/src/basic/ratelimit.c#L16)
Diffstat (limited to 'nixos/modules/services/web-servers/traefik.nix')
-rw-r--r-- | nixos/modules/services/web-servers/traefik.nix | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/nixos/modules/services/web-servers/traefik.nix b/nixos/modules/services/web-servers/traefik.nix index 4ab7307c3b671..3d29199dd4549 100644 --- a/nixos/modules/services/web-servers/traefik.nix +++ b/nixos/modules/services/web-servers/traefik.nix @@ -136,6 +136,8 @@ in { description = "Traefik web server"; after = [ "network-online.target" ]; wantedBy = [ "multi-user.target" ]; + startLimitIntervalSec = 86400; + startLimitBurst = 5; serviceConfig = { ExecStart = "${cfg.package}/bin/traefik --configfile=${staticConfigFile}"; @@ -143,8 +145,6 @@ in { User = "traefik"; Group = cfg.group; Restart = "on-failure"; - StartLimitInterval = 86400; - StartLimitBurst = 5; AmbientCapabilities = "cap_net_bind_service"; CapabilityBoundingSet = "cap_net_bind_service"; NoNewPrivileges = true; |