Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

All uses of StartLimitInterval in NixOS are wrong #45786

Closed
nh2 opened this issue Aug 30, 2018 · 2 comments
Closed

All uses of StartLimitInterval in NixOS are wrong #45786

nh2 opened this issue Aug 30, 2018 · 2 comments
Labels
6.topic: nixos

Comments

@nh2
Copy link
Contributor

nh2 commented Aug 30, 2018
edited
Loading

Issue description

Lots of services (around 20) use

serviceConfig = {
   ...
   StartLimitInterval = "30s";
};

This is wrong, it should be in unitConfig, not serviceConfig, so the setting is ignored.

See the systemd.unit man page, not systemd.service man page, that has StartLimitIntervalSec: https://www.freedesktop.org/software/systemd/man/systemd.unit.html

Also see https://selivan.github.io/2017/12/30/systemd-serice-always-restart.html

Related #45785

Impact

With commit 74495e4 being current master, here's a quick widespreadness analysis of the issue:

% git grep -B10 'StartLimitInterval' 74495e4f3afe5f5467dce80842105e9b841a8c91 | cat
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-      lcdproc = mkIf cfg.client.enable {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-        description = "LCDproc - client";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-        after = [ "lcdd.service" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-        wantedBy = [ "lcd.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-        serviceConfig = serviceCfg // {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-          ExecStart = "${pkg}/bin/lcdproc -f -c ${clientCfg}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-          # If the server is being restarted at the same time, the client will
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-          # fail as it cannot connect, so space it out a bit.
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-          RestartSec = "5";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix-          # Allow restarting for eternity
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/hardware/lcd.nix:          StartLimitIntervalSec = lib.mkIf cfg.client.restartForever "0";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-      after = [ "keys.target" "network.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-      wants = [ "keys.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-      wantedBy = [ "multi-user.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-      restartTriggers = [ cfg.configFile ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-        ExecStart = "${dovecotPkg}/sbin/dovecot -F";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-        ExecReload = "${dovecotPkg}/sbin/doveadm reload";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-        Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix-        RestartSec = "1s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/mail/dovecot.nix:        StartLimitInterval = "1min";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-    services.udev.packages = [ pkgs.autorandr ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-    environment.systemPackages = [ pkgs.autorandr ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-    systemd.services.autorandr = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-      wantedBy = [ "sleep.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-      description = "Autorandr execution hook";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-      after = [ "sleep.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/autorandr.nix:        StartLimitInterval = 5;
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        DISPLAY = ":${toString config.services.xserver.display}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        GPU_MAX_ALLOC_PERCENT = "100";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        GPU_USE_SYNC_OBJECTS = "1";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-      };
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        ExecStart = "${pkgs.cgminer}/bin/cgminer --syslog --text-only --config ${cgminerConfig}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        User = cfg.user;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        RestartSec = "30s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix-        Restart = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/cgminer.nix:        StartLimitInterval = "1m";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-      after = [ "httpd.service" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-      wantedBy = [ "multi-user.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-        ExecStart = "${pkgs.phabricator}/phabricator/bin/phd start";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-        ExecStop = "${pkgs.phabricator}/phabricator/bin/phd stop";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-        User = "wwwrun";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-        RestartSec = "30s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix-        Restart = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/phd.nix:        StartLimitInterval = "1m";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-let
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-  cfg = config.services.pykms;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-  home = "/var/lib/pykms";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-  services = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-    serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-      Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix-      RestartSec = "10s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/pykms.nix:      StartLimitInterval = "1min";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-      wantedBy = [ "graphical-session.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-      partOf   = [ "graphical-session.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-        ExecStart = ''
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-          ${pkgs.safeeyes}/bin/safeeyes
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-        '';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-        Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix-        RestartSec = 3;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/misc/safeeyes.nix:        StartLimitInterval = 350;
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-      wantedBy = [ "multi-user.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-      after = [ "NetworkManager-wait-online.service" "network.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-      preStart = "mkdir -pv /var/lib/teamviewer /var/log/teamviewer";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-        Type = "forking";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-        ExecStart = "${pkgs.teamviewer}/bin/teamviewerd -d";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-        PIDFile = "/run/teamviewerd.pid";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix-        Restart = "on-abort";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/monitoring/teamviewer.nix:        StartLimitInterval = "60";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      LimitNOFILE = 1048576;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      LimitNPROC = 1048576;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      Environment = "CLUSTER=${clusterName}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      PrivateDevices = "yes";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      PrivateTmp = "true";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      ProtectHome = "true";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      ProtectSystem = "full";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix-      StartLimitBurst = "5";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/network-filesystems/ceph.nix:      StartLimitInterval = "30min";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-            echo '${cjdrouteConf}' | sed \
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-                -e "s/@CJDNS_ADMIN_PASSWORD@/$CJDNS_ADMIN_PASSWORD/g" \
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-                -e "s/@CJDNS_PRIVATE_KEY@/$CJDNS_PRIVATE_KEY/g" \
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-                | ${pkg}/bin/cjdroute
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-         ''
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-      );
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-        Type = "forking";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix-        Restart = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/cjdns.nix:        StartLimitInterval = 0;
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-  config = mkIf config.services.dnsdist.enable {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-    systemd.services.dnsdist = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-      description = "dnsdist load balancer";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-      wantedBy = [ "multi-user.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-      after = ["network.target"];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-        Restart="on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-        RestartSec="1";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix-        DynamicUser = true;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/dnsdist.nix:        StartLimitInterval="0";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        User  = "namecoin";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        Group = "namecoin";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        ExecStart  = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        ExecStop   = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        Nice = "10";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        PrivateTmp = true;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        TimeoutStopSec     = "60s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        TimeoutStartSec    = "2s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix-        Restart            = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/namecoind.nix:        StartLimitInterval = "120s";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-      wantedBy = [ "multi-user.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-      wants = [ "keys.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-        ExecStart = "${nsdPkg}/sbin/nsd -d -c ${nsdEnv}/nsd.conf";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-        StandardError = "null";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-        PIDFile = pidFile;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-        Restart = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-        RestartSec = "4s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix-        StartLimitBurst = 4;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/nsd.nix:        StartLimitInterval = "5min";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-  config = mkIf config.services.powerdns.enable {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-    systemd.services.pdns = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-      unitConfig.Documentation = "man:pdns_server(1) man:pdns_control(1)";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-      description = "Powerdns name server";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-      wantedBy = [ "multi-user.target" ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-      after = ["network.target" "mysql.service" "postgresql.service" "openldap.service"];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-        Restart="on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix-        RestartSec="1";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/powerdns.nix:        StartLimitInterval="0";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        rm -f supybot.cfg.bak
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-      '';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        ExecStart = "${pkgs.pythonPackages.limnoria}/bin/supybot ${cfg.stateDir}/supybot.cfg";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        PIDFile = "/run/supybot.pid";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        User = "supybot";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        Group = "supybot";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        UMask = "0007";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix-        Restart = "on-abort";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/networking/supybot.nix:        StartLimitInterval = "5m";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        ExecStart = "${cfg.package}/bin/vault server -config ${configFile}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        PrivateDevices = true;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        PrivateTmp = true;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        ProtectSystem = "full";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        ProtectHome = "read-only";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        AmbientCapabilities = "cap_ipc_lock";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        NoNewPrivileges = true;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        KillSignal = "SIGINT";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        TimeoutStopSec = "30s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix-        Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/security/vault.nix:        StartLimitInterval = "60s";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        ExecStart = ''
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-          ${cfg.package.bin}/bin/caddy -root=/var/tmp -conf=${configFile} \
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-            -ca=${cfg.ca} -email=${cfg.email} ${optionalString cfg.agree "-agree"}
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        '';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        Type = "simple";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        User = "caddy";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        Group = "caddy";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix-        Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/caddy.nix:        StartLimitInterval = 86400;
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        mkdir -p ${cfg.stateDir}/logs
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        chmod 700 ${cfg.stateDir}
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        chown -R ${cfg.user}:${cfg.group} ${cfg.stateDir}
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        ${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir} -t
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        '';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-      serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        ExecStart = "${cfg.package}/bin/nginx -c ${configFile} -p ${cfg.stateDir}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        Restart = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix-        RestartSec = "10s";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/nginx/default.nix:        StartLimitInterval = "1min";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        ExecStart = ''${cfg.package.bin}/bin/traefik --configfile=${configFile}'';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        ExecStartPre = [
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-          ''${pkgs.coreutils}/bin/mkdir -p "${cfg.dataDir}"''
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-          ''${pkgs.coreutils}/bin/chmod 700 "${cfg.dataDir}"''
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-          ''${pkgs.coreutils}/bin/chown -R traefik:traefik "${cfg.dataDir}"''
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        ];
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        Type = "simple";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        User = "traefik";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        Group = cfg.group;
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix-        Restart = "on-failure";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/web-servers/traefik.nix:        StartLimitInterval = 86400;
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-          '';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-        script = "${cfg.displayManager.job.execCmd}";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-        serviceConfig = {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-          Restart = "always";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-          RestartSec = "200ms";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-          SyslogIdentifier = "display-manager";
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-          # Stop restarting if the display manager stops (crashes) 2 times
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix-          # in one minute. Starting X typically takes 3-4s.
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/services/x11/xserver.nix:          StartLimitInterval = "30s";
--
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-        Packages added to the service's <envar>PATH</envar>
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-        environment variable.  Both the <filename>bin</filename>
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-        and <filename>sbin</filename> subdirectories of each
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-        package are added.
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-      '';
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-    };
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-    serviceConfig = mkOption {
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-      default = {};
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix-      example =
74495e4f3afe5f5467dce80842105e9b841a8c91:nixos/modules/system/boot/systemd-unit-options.nix:        { StartLimitInterval = 10;
@nh2 nh2 mentioned this issue Aug 30, 2018
Closed
1 task
@cyounkins
Copy link
Contributor

In [1] the StartLimitInterval property was moved from [Service] to [Unit], but "For compatibility the four options may also be configured in the [Service] section still, but we only document them in their new section [Unit]." According to [2] the new StartLimitIntervalSec property is only valid in [Unit].

I agree we should use StartLimitIntervalSec, but it looks like the old property still works in both locations. Could we close this in favor of #45785 as the current usage has the intended effect?

[1] systemd/systemd@6bf0f40
[2] https://lists.freedesktop.org/archives/systemd-devel/2017-July/039255.html

@nh2
Copy link
Contributor Author

nh2 commented Nov 20, 2018

@cyounkins Nice find, I agree with the suggestion.

We should probably also try and make usage of StartLimitInterval in the old section emit a warning when it's used, as having it in the new section has the benefit as mentioned:

This way we can enforce the start limit much earlier, in particular before testing the unit conditions, so that repeated start-up failure due to failed conditions is also considered for the start limit logic.

@nh2 nh2 closed this as completed Nov 20, 2018
nh2 pushed a commit to lf-/nixpkgs that referenced this issue Oct 31, 2020
@lf- @nh2
nixos/modules: deprecation warning for StartLimitInterval in [Service]
644079e 
This implements
NixOS#45786 (comment)
@dhess dhess mentioned this issue Dec 26, 2020
Closed
kaii-zen pushed a commit to input-output-hk/bitte that referenced this issue Jun 24, 2021
Fix deprecation warnings
4e3d853 
See NixOS/nixpkgs#45786
kaii-zen pushed a commit to input-output-hk/bitte that referenced this issue Jun 25, 2021
Fix deprecation warnings
a2783aa 
See NixOS/nixpkgs#45786
kaii-zen pushed a commit to input-output-hk/bitte that referenced this issue Jun 30, 2021
Default to 21.05, standard shell, binary cache aggregation, eliminati…
e93d5a7 
…on of etwa alte scheiße 😌 (#38)

* Copy devShell template work from old darwin branch
* Remove `numtide/devshell` (@manveru had an issue with it... don't remember exactly what it was)
* Consume `bitte-cli` as an overlay
* Fix breakages due to changes in `nixpkgs` API (`stdenv.lib` removal, obsolescence of `goPackagePath` etc)
* Add (new?) upstream nixos modules to `disabledModules` so that they don't interfere with ours. This includes `nomad`, `promtail` and `ssm-agent`
* Add `isSystemUser = true;` to `ssm-agent` user as it is now required.
* Fix deprecation warnings (NixOS/nixpkgs#45786)
* Remove derivable arguments from `mkHashiStack` and derive them instead
* Use `nixpkgs`/`nixos-2105` branch as baseline
* Alias `nix` -> `nixUnstable` in overlay to avoid tripping current `nixos-rebuild`
* Use hydra from git as the `nixpkgs` version was having build issues at the time of this writing
* Remove cachix as it is no longer used and currently fails to build
* Use `NIX_CONFIG` and the newish `extra-` prefix to implement repository-specific binary caches via the `devShell` template.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
6.topic: nixos
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cyounkins @nh2 @vcunat