From c4a56105ca547abe2c941ef8f28dc27652c47186 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Guillot?= <f@miniflux.net>
Date: Sat, 22 May 2021 18:36:32 -0700
Subject: [PATCH] Add Systemd watchdog

---
 cli/daemon.go                      | 33 +++++++++++--
 cli/sd_notify.go                   | 42 -----------------
 packaging/systemd/miniflux.service | 24 ++++++----
 systemd/systemd.go                 | 74 ++++++++++++++++++++++++++++++
 4 files changed, 119 insertions(+), 54 deletions(-)
 delete mode 100644 cli/sd_notify.go
 create mode 100644 systemd/systemd.go

diff --git a/cli/daemon.go b/cli/daemon.go
index 2c50e3f6..f312d49e 100644
--- a/cli/daemon.go
+++ b/cli/daemon.go
@@ -18,6 +18,7 @@ import (
 	"miniflux.app/service/httpd"
 	"miniflux.app/service/scheduler"
 	"miniflux.app/storage"
+	"miniflux.app/systemd"
 	"miniflux.app/worker"
 )
 
@@ -44,9 +45,35 @@ func startDaemon(store *storage.Storage) {
 		go collector.GatherStorageMetrics()
 	}
 
-	// Notify systemd that we are ready.
-	if err := sdNotify(sdNotifyReady); err != nil {
-		logger.Error("Unable to send readiness notification to systemd: %v", err)
+	if systemd.HasNotifySocket() {
+		logger.Info("Sending readiness notification to Systemd")
+
+		if err := systemd.SdNotify(systemd.SdNotifyReady); err != nil {
+			logger.Error("Unable to send readiness notification to systemd: %v", err)
+		}
+
+		if systemd.HasSystemdWatchdog() {
+			logger.Info("Activating Systemd watchdog")
+
+			go func() {
+				interval, err := systemd.WatchdogInterval()
+				if err != nil {
+					logger.Error("Unable to parse watchdog interval from systemd: %v", err)
+					return
+				}
+
+				for {
+					err := store.Ping()
+					if err != nil {
+						logger.Error(`Systemd Watchdog: %v`, err)
+					} else {
+						systemd.SdNotify(systemd.SdNotifyWatchdog)
+					}
+
+					time.Sleep(interval / 2)
+				}
+			}()
+		}
 	}
 
 	<-stop
diff --git a/cli/sd_notify.go b/cli/sd_notify.go
deleted file mode 100644
index 60c354a4..00000000
--- a/cli/sd_notify.go
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2021 Frédéric Guillot. All rights reserved.
-// Use of this source code is governed by the Apache 2.0
-// license that can be found in the LICENSE file.
-
-package cli // import "miniflux.app/cli"
-
-import (
-	"net"
-	"os"
-)
-
-const (
-	// sdNotifyReady tells the service manager that service startup is
-	// finished, or the service finished loading its configuration.
-	sdNotifyReady = "READY=1"
-)
-
-// sdNotify sends a message to systemd using the sd_notify protocol.
-// See https://www.freedesktop.org/software/systemd/man/sd_notify.html.
-func sdNotify(state string) error {
-	addr := &net.UnixAddr{
-		Net:  "unixgram",
-		Name: os.Getenv("NOTIFY_SOCKET"),
-	}
-
-	if addr.Name == "" {
-		// We're not running under systemd (NOTIFY_SOCKET has not set).
-		return nil
-	}
-
-	conn, err := net.DialUnix(addr.Net, nil, addr)
-	if err != nil {
-		return err
-	}
-	defer conn.Close()
-
-	if _, err = conn.Write([]byte(state)); err != nil {
-		return err
-	}
-
-	return nil
-}
diff --git a/packaging/systemd/miniflux.service b/packaging/systemd/miniflux.service
index 440096f2..1f36f5c9 100644
--- a/packaging/systemd/miniflux.service
+++ b/packaging/systemd/miniflux.service
@@ -5,17 +5,27 @@
 # See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.
 
 [Unit]
-Description=Miniflux Feed Reader
+Description=Miniflux
 After=network.target postgresql.service
 
 [Service]
-Type=notify
 ExecStart=/usr/bin/miniflux
-Restart=always
-
 EnvironmentFile=/etc/miniflux.conf
 User=miniflux
 
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
+Type=notify
+
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#WatchdogSec=
+WatchdogSec=30s
+WatchdogSignal=SIGKILL
+
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
+Restart=always
+
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartSec=
+RestartSec=5
+
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges=
 NoNewPrivileges=true
 
@@ -45,13 +55,9 @@ RestrictRealtime=true
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
 ReadWritePaths=/run
 
-# Allow miniflux to bind to <1024 ports
+# Allow miniflux to bind to privileged ports
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
-# Provide a private /tmp
-# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=
-PrivateTmp=true
-
 [Install]
 WantedBy=multi-user.target
diff --git a/systemd/systemd.go b/systemd/systemd.go
new file mode 100644
index 00000000..d4415a0c
--- /dev/null
+++ b/systemd/systemd.go
@@ -0,0 +1,74 @@
+// Copyright 2021 Frédéric Guillot. All rights reserved.
+// Use of this source code is governed by the Apache 2.0
+// license that can be found in the LICENSE file.
+
+package systemd // import "miniflux.app/systemd"
+
+import (
+	"fmt"
+	"net"
+	"os"
+	"strconv"
+	"time"
+)
+
+const (
+	// SdNotifyReady tells the service manager that service startup is
+	// finished, or the service finished loading its configuration.
+	// https://www.freedesktop.org/software/systemd/man/sd_notify.html#READY=1
+	SdNotifyReady = "READY=1"
+
+	// SdNotifyWatchdog the service manager to update the watchdog timestamp.
+	// https://www.freedesktop.org/software/systemd/man/sd_notify.html#WATCHDOG=1
+	SdNotifyWatchdog = "WATCHDOG=1"
+)
+
+// HasNotifySocket checks if the process is supervised by Systemd and has the notify socket.
+func HasNotifySocket() bool {
+	return os.Getenv("NOTIFY_SOCKET") != ""
+}
+
+// HasSystemdWatchdog checks if the watchdog is configured in Systemd unit file.
+func HasSystemdWatchdog() bool {
+	return os.Getenv("WATCHDOG_USEC") != ""
+}
+
+// WatchdogInterval returns the watchdog interval configured in systemd unit file.
+func WatchdogInterval() (time.Duration, error) {
+	s, err := strconv.Atoi(os.Getenv("WATCHDOG_USEC"))
+	if err != nil {
+		return 0, fmt.Errorf(`systemd: error converting WATCHDOG_USEC: %v`, err)
+	}
+
+	if s <= 0 {
+		return 0, fmt.Errorf(`systemd: error WATCHDOG_USEC must be a positive number`)
+	}
+
+	return time.Duration(s) * time.Microsecond, nil
+}
+
+// SdNotify sends a message to systemd using the sd_notify protocol.
+// See https://www.freedesktop.org/software/systemd/man/sd_notify.html.
+func SdNotify(state string) error {
+	addr := &net.UnixAddr{
+		Net:  "unixgram",
+		Name: os.Getenv("NOTIFY_SOCKET"),
+	}
+
+	if addr.Name == "" {
+		// We're not running under systemd (NOTIFY_SOCKET is not set).
+		return nil
+	}
+
+	conn, err := net.DialUnix(addr.Net, nil, addr)
+	if err != nil {
+		return err
+	}
+	defer conn.Close()
+
+	if _, err = conn.Write([]byte(state)); err != nil {
+		return err
+	}
+
+	return nil
+}
-- 
GitLab