pyrox.dev / nixpkgs
lol
fork atom

nixos/postgresql: set Restart=always for postgresql.service

...including a slightly more careful config around restarts, i.e.

* We have intervals of 5 seconds between restarts instead of 100ms.

* If we exceed 5 start attempts in 5*120s (with 120s being the timeout),
start job gets rate-limited and thus aborted. Do note that there are
at most 5 start attempts allowed in ~625s by default. If the startup
fails very quickly, either wait until the rate-limit is over or reset
the counter using `systemctl reset-failed postgresql.service`.

* The interval of 625s (plus 5s of buffer) are automatically derived
from RestartSec & TimeoutSec. Changing either will also affect
StartLimitIntervalSec unless overridden with `mkForce`.

Maximilian Bosch 6ae194e4 03d0fed6

options
unified split
Changed files
+22 -1
nixos
modules
services
databases
postgresql.nix
tests
postgresql
postgresql.nix
+16 -1
nixos/modules/services/databases/postgresql.nix 
···

       
826

       
826

       
 

       



     

       
827

       
827

       
 

       
          ExecStart = "${cfg.finalPackage}/bin/postgres";


     

       
828

       
828

       
 

       



     

       

       
829

       
+

       
          Restart = "always";


     

       

       
830

       
+

       



     

       
829

       
831

       
 

       
          # Hardening


     

       
830

       
832

       
 

       
          CapabilityBoundingSet = [ "" ];


     

       
831

       
833

       
 

       
          DevicePolicy = "closed";


     
···

       
877

       
879

       
 

       
        })


     

       
878

       
880

       
 

       
      ];


     

       
879

       
881

       
 

       



     

       
880

       

       
-

       
      unitConfig.RequiresMountsFor = "${cfg.dataDir}";


     

       

       
882

       
+

       
      unitConfig =


     

       

       
883

       
+

       
        let


     

       

       
884

       
+

       
          inherit (config.systemd.services.postgresql.serviceConfig) TimeoutSec;


     

       

       
885

       
+

       
          maxTries = 5;


     

       

       
886

       
+

       
          bufferSec = 5;


     

       

       
887

       
+

       
        in


     

       

       
888

       
+

       
        {


     

       

       
889

       
+

       
          RequiresMountsFor = "${cfg.dataDir}";


     

       

       
890

       
+

       



     

       

       
891

       
+

       
          # The max. time needed to perform `maxTries` start attempts of systemd


     

       

       
892

       
+

       
          # plus a bit of buffer time (bufferSec) on top.


     

       

       
893

       
+

       
          StartLimitIntervalSec = TimeoutSec * maxTries + bufferSec;


     

       

       
894

       
+

       
          StartLimitBurst = maxTries;


     

       

       
895

       
+

       
        };


     

       
881

       
896

       
 

       
    };


     

       
882

       
897

       
 

       



     

       
883

       
898

       
 

       
    systemd.services.postgresql-setup = {
+6
nixos/tests/postgresql/postgresql.nix 
···

       
101

       
101

       
 

       
          machine.fail(check_count("SELECT * FROM sth;", 4))


     

       
102

       
102

       
 

       
          machine.succeed(check_count("SELECT xpath('/test/text()', doc) FROM xmltest;", 1))


     

       
103

       
103

       
 

       



     

       

       
104

       
+

       
          with subtest("killing postgres process should trigger an automatic restart"):


     

       

       
105

       
+

       
              machine.succeed("systemctl kill -s KILL postgresql")


     

       

       
106

       
+

       



     

       

       
107

       
+

       
              machine.wait_until_succeeds("systemctl is-active postgresql.service")


     

       

       
108

       
+

       
              machine.wait_until_succeeds("systemctl is-active postgresql.target")


     

       

       
109

       
+

       



     

       
104

       
110

       
 

       
          with subtest("Backup service works"):


     

       
105

       
111

       
 

       
              machine.succeed(


     

       
106

       
112

       
 

       
                  "systemctl start ${backupService}.service",