about summary refs log tree commit diff
path: root/ops/modules
diff options
context:
space:
mode:
authorVincent Ambo <mail@tazj.in>2022-05-26T20·47+0200
committertazjin <tazjin@tvl.su>2022-05-27T21·10+0000
commitbdccd2c11162cc69df2f0dcd397c35e925cac868 (patch)
tree35083c0ab02c984f44e3efddf5e1f233bfd955c6 /ops/modules
parent1521599fe215fa1e815d36458314deceb742213c (diff)
fix(ops/modules): Increase `RestartSec=` of oauth2_proxy service r/4147
When Keycloak and oauth2_proxy are restarted simultaneously, the
latter might try to come up (repeatedly!) before Keycloak can serve it
properly.

This leads to systemd considering the unit failed.

Since this all happens in the span of a second or so, slightly
increase the restart delay of the service to ensure it comes back
after Keycloak is ready.

A "proper" fix might be to add a script that runs before the actual
service and waits for Keycloak, but I don't want to prioritise that
right now.

Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Diffstat (limited to 'ops/modules')
-rw-r--r--ops/modules/oauth2_proxy.nix1
1 files changed, 1 insertions, 0 deletions
diff --git a/ops/modules/oauth2_proxy.nix b/ops/modules/oauth2_proxy.nix
index e92572365d52..23afa7bce084 100644
--- a/ops/modules/oauth2_proxy.nix
+++ b/ops/modules/oauth2_proxy.nix
@@ -50,6 +50,7 @@ in
 
       serviceConfig = {
         Restart = "always";
+        RestartSec = "5s";
         DynamicUser = true;
         EnvironmentFile = cfg.secretsFile;
         ExecStart = "${pkgs.oauth2_proxy}/bin/oauth2-proxy --config ${configFile}";