From bb395872927be6d3bfb0c3f398160fddf35b80a4 Mon Sep 17 00:00:00 2001
From: Zuckerberg
Date: Tue, 3 Mar 2026 22:02:21 -0800
Subject: [PATCH] Fix unifi service taking 5+ minutes to shut down

UniFi's Java process crashes during shutdown (Spring context race condition) leaving mongod orphaned in the cgroup. The upstream module sets KillSignal=SIGCONT so systemd won't interrupt the graceful shutdown, but with the default KillMode=control-group this means mongod also only gets SIGCONT (a no-op) and sits there until the 5-minute timeout triggers SIGKILL. Switch to KillMode=mixed so the main Java process still gets the harmless SIGCONT while mongod gets a proper SIGTERM for a clean database shutdown.
---
 common/server/unifi.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/common/server/unifi.nix b/common/server/unifi.nix
index 92f20c4..fe6c132 100644
--- a/common/server/unifi.nix
+++ b/common/server/unifi.nix
@@ -13,6 +13,15 @@ in
 services.unifi.unifiPackage = pkgs.unifi;
 services.unifi.mongodbPackage = pkgs.mongodb-7_0;
 
+ # The upstream module sets KillSignal=SIGCONT so systemd doesn't interfere
+ # with UniFi's self-managed shutdown. But UniFi's Java process crashes during
+ # shutdown (Spring context already closed) leaving mongod orphaned in the
+ # cgroup. With the default KillMode=control-group, mongod only gets SIGCONT
+ # (a no-op) and runs until the 5min timeout triggers SIGKILL.
+ # KillMode=mixed sends SIGCONT to the main process but SIGTERM to remaining
+ # children, giving mongod a clean shutdown instead of SIGKILL.
+ systemd.services.unifi.serviceConfig.KillMode = "mixed";
+
 networking.firewall = lib.mkIf cfg.openMinimalFirewall {
 allowedUDPPorts = [
 3478 # STUN
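Review bot: The last two lines of the added comment say KillMode=mixed sends SIGTERM to the remaining children, but systemd.kill(5) describes mixed mode as sending the stop signal (here SIGCONT) to the main process only, with SIGKILL going to the rest of the control group afterwards. If that holds here, the change removes the 5-minute wait by killing mongod sooner rather than by shutting it down cleanly, and the database would rely on journal recovery at the next start. I would reword those lines to `# KillMode=mixed signals only the main process; leftover cgroup processes (mongod) get SIGKILL afterwards, not SIGTERM.` The same claim appears in the commit description, so it is worth checking which signal mongod actually receives on a test stop before relying on a clean shutdown.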