Add Systemd watchdog

cli/daemon.go

@@ -18,6 +18,7 @@ import (
 	"miniflux.app/service/httpd"
 	"miniflux.app/service/scheduler"
 	"miniflux.app/storage"
+	"miniflux.app/systemd"
 	"miniflux.app/worker"
 )
 
@@ -44,9 +45,35 @@ func startDaemon(store *storage.Storage) {
 		go collector.GatherStorageMetrics()
 	}
 
-	// Notify systemd that we are ready.
-	if err := sdNotify(sdNotifyReady); err != nil {
-		logger.Error("Unable to send readiness notification to systemd: %v", err)
+	if systemd.HasNotifySocket() {
+		logger.Info("Sending readiness notification to Systemd")
+
+		if err := systemd.SdNotify(systemd.SdNotifyReady); err != nil {
+			logger.Error("Unable to send readiness notification to systemd: %v", err)
+		}
+
+		if systemd.HasSystemdWatchdog() {
+			logger.Info("Activating Systemd watchdog")
+
+			go func() {
+				interval, err := systemd.WatchdogInterval()
+				if err != nil {
+					logger.Error("Unable to parse watchdog interval from systemd: %v", err)
+					return
+				}
+
+				for {
+					err := store.Ping()
+					if err != nil {
+						logger.Error(`Systemd Watchdog: %v`, err)
+					} else {
+						systemd.SdNotify(systemd.SdNotifyWatchdog)
+					}
+
+					time.Sleep(interval / 2)
+				}
+			}()
+		}
 	}
 
 	<-stop

packaging/systemd/miniflux.service

@@ -5,17 +5,27 @@
 # See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.
 
 [Unit]
-Description=Miniflux Feed Reader
+Description=Miniflux
 After=network.target postgresql.service
 
 [Service]
-Type=notify
 ExecStart=/usr/bin/miniflux
-Restart=always
-
 EnvironmentFile=/etc/miniflux.conf
 User=miniflux
 
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Type=
+Type=notify
+
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#WatchdogSec=
+WatchdogSec=30s
+WatchdogSignal=SIGKILL
+
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#Restart=
+Restart=always
+
+# https://www.freedesktop.org/software/systemd/man/systemd.service.html#RestartSec=
+RestartSec=5
+
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges=
 NoNewPrivileges=true
 
@@ -45,13 +55,9 @@ RestrictRealtime=true
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
 ReadWritePaths=/run
 
-# Allow miniflux to bind to <1024 ports
+# Allow miniflux to bind to privileged ports
 # https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
 AmbientCapabilities=CAP_NET_BIND_SERVICE
 
-# Provide a private /tmp
-# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=
-PrivateTmp=true
-
 [Install]
 WantedBy=multi-user.target

cli/sd_notify.go → systemd/systemd.go

@@ -2,29 +2,61 @@
 // Use of this source code is governed by the Apache 2.0
 // license that can be found in the LICENSE file.
 
-package cli // import "miniflux.app/cli"
+package systemd // import "miniflux.app/systemd"
 
 import (
+	"fmt"
 	"net"
 	"os"
+	"strconv"
+	"time"
 )
 
 const (
-	// sdNotifyReady tells the service manager that service startup is
+	// SdNotifyReady tells the service manager that service startup is
 	// finished, or the service finished loading its configuration.
-	sdNotifyReady = "READY=1"
+	// https://www.freedesktop.org/software/systemd/man/sd_notify.html#READY=1
+	SdNotifyReady = "READY=1"
+
+	// SdNotifyWatchdog the service manager to update the watchdog timestamp.
+	// https://www.freedesktop.org/software/systemd/man/sd_notify.html#WATCHDOG=1
+	SdNotifyWatchdog = "WATCHDOG=1"
 )
 
-// sdNotify sends a message to systemd using the sd_notify protocol.
+// HasNotifySocket checks if the process is supervised by Systemd and has the notify socket.
+func HasNotifySocket() bool {
+	return os.Getenv("NOTIFY_SOCKET") != ""
+}
+
+// HasSystemdWatchdog checks if the watchdog is configured in Systemd unit file.
+func HasSystemdWatchdog() bool {
+	return os.Getenv("WATCHDOG_USEC") != ""
+}
+
+// WatchdogInterval returns the watchdog interval configured in systemd unit file.
+func WatchdogInterval() (time.Duration, error) {
+	s, err := strconv.Atoi(os.Getenv("WATCHDOG_USEC"))
+	if err != nil {
+		return 0, fmt.Errorf(`systemd: error converting WATCHDOG_USEC: %v`, err)
+	}
+
+	if s <= 0 {
+		return 0, fmt.Errorf(`systemd: error WATCHDOG_USEC must be a positive number`)
+	}
+
+	return time.Duration(s) * time.Microsecond, nil
+}
+
+// SdNotify sends a message to systemd using the sd_notify protocol.
 // See https://www.freedesktop.org/software/systemd/man/sd_notify.html.
-func sdNotify(state string) error {
+func SdNotify(state string) error {
 	addr := &net.UnixAddr{
 		Net:  "unixgram",
 		Name: os.Getenv("NOTIFY_SOCKET"),
 	}
 
 	if addr.Name == "" {
-		// We're not running under systemd (NOTIFY_SOCKET has not set).
+		// We're not running under systemd (NOTIFY_SOCKET is not set).
 		return nil
 	}