From bdccd2c11162cc69df2f0dcd397c35e925cac868 Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 26 May 2022 22:47:40 +0200
Subject: fix(ops/modules): Increase `RestartSec=` of oauth2_proxy service

When Keycloak and oauth2_proxy are restarted simultaneously, the
latter might try to come up (repeatedly!) before Keycloak can serve it
properly.

This leads to systemd considering the unit failed.

Since this all happens in the span of a second or so, slightly
increase the restart delay of the service to ensure it comes back
after Keycloak is ready.

A "proper" fix might be to add a script that runs before the actual
service and waits for Keycloak, but I don't want to prioritise that
right now.

Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 ops/modules/oauth2_proxy.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ops/modules/oauth2_proxy.nix b/ops/modules/oauth2_proxy.nix
index e92572365d..23afa7bce0 100644
--- a/ops/modules/oauth2_proxy.nix
+++ b/ops/modules/oauth2_proxy.nix
@@ -50,6 +50,7 @@ in
 
       serviceConfig = {
         Restart = "always";
+        RestartSec = "5s";
         DynamicUser = true;
         EnvironmentFile = cfg.secretsFile;
         ExecStart = "${pkgs.oauth2_proxy}/bin/oauth2-proxy --config ${configFile}";
-- 
cgit 1.4.1