From bdccd2c11162cc69df2f0dcd397c35e925cac868 Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Thu, 26 May 2022 22:47:40 +0200 Subject: fix(ops/modules): Increase `RestartSec=` of oauth2_proxy service When Keycloak and oauth2_proxy are restarted simultaneously, the latter might try to come up (repeatedly!) before Keycloak can serve it properly. This leads to systemd considering the unit failed. Since this all happens in the span of a second or so, slightly increase the restart delay of the service to ensure it comes back after Keycloak is ready. A "proper" fix might be to add a script that runs before the actual service and waits for Keycloak, but I don't want to prioritise that right now. Change-Id: I4dadba686de60ffc103fe889ce19f05ca1d7d4fe Reviewed-on: https://cl.tvl.fyi/c/depot/+/5695 Tested-by: BuildkiteCI Reviewed-by: sterni --- ops/modules/oauth2_proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/ops/modules/oauth2_proxy.nix b/ops/modules/oauth2_proxy.nix index e92572365d52..23afa7bce084 100644 --- a/ops/modules/oauth2_proxy.nix +++ b/ops/modules/oauth2_proxy.nix @@ -50,6 +50,7 @@ in serviceConfig = { Restart = "always"; + RestartSec = "5s"; DynamicUser = true; EnvironmentFile = cfg.secretsFile; ExecStart = "${pkgs.oauth2_proxy}/bin/oauth2-proxy --config ${configFile}"; -- cgit 1.4.1