UniFi's Java process crashes during shutdown (Spring context race condition) leaving mongod orphaned in the cgroup. The upstream module sets KillSignal=SIGCONT so systemd won't interrupt the graceful shutdown, but with the default KillMode=control-group this means mongod also only gets SIGCONT (a no-op) and sits there until the 5-minute timeout triggers SIGKILL. Switch to KillMode=mixed so the main Java process still gets the harmless SIGCONT while mongod gets a proper SIGTERM for a clean database shutdown.
36 lines
1.3 KiB
Nix
{ config, lib, pkgs, ... }:

let
  cfg = config.services.unifi;
in
{
  options.services.unifi = {
    # Open select Unifi ports instead of using openFirewall to avoid opening access to unifi's control panel
    openMinimalFirewall = lib.mkEnableOption "Open bare minimum firewall ports";
  };

  config = lib.mkIf cfg.enable {
    services.unifi.unifiPackage = pkgs.unifi;
    services.unifi.mongodbPackage = pkgs.mongodb-7_0;

    # The upstream module sets KillSignal=SIGCONT so systemd doesn't interfere
    # with UniFi's self-managed shutdown. But UniFi's Java process crashes during
    # shutdown (Spring context already closed) leaving mongod orphaned in the
    # cgroup. With the default KillMode=control-group, mongod only gets SIGCONT
    # (a no-op) and runs until the 5min timeout triggers SIGKILL.
    # KillMode=mixed sends SIGCONT to the main process but SIGTERM to remaining
    # children, giving mongod a clean shutdown instead of SIGKILL.
    systemd.services.unifi.serviceConfig.KillMode = "mixed";

    networking.firewall = lib.mkIf cfg.openMinimalFirewall {
      allowedUDPPorts = [
        3478 # STUN
        10001 # used for device discovery.
      ];
      allowedTCPPorts = [
        8080 # Used for device and application communication.
      ];
    };
  };
}
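
A check for the stop-signal combination the commit message describes, as an added example that is not part of this repository. The function names, the result labels and the sample property text are constructed here, and signal number 18 is assumed to be SIGCONT (true on x86 and ARM Linux).

```shell
#!/bin/sh
# Added example: classify how systemd will signal a unit on stop, given
# KEY=VALUE text in the form printed by
#   systemctl show unifi -p KillMode -p KillSignal -p TimeoutStopUSec
# Labels ("stall", "main-only", "normal", "other") are made up for this example.

prop() {  # prop NAME TEXT -> value of NAME= in TEXT (last match wins)
    printf '%s\n' "$2" | sed -n "s/^$1=//p" | tail -n 1
}

stop_policy() {
    sp_mode=$(prop KillMode "$1")
    sp_sig=$(prop KillSignal "$1")
    sp_timeout=$(prop TimeoutStopUSec "$1")

    case $sp_sig in
        18|SIGCONT) ;;   # `systemctl show` prints the number; 18 assumed SIGCONT
        *) echo normal; return 0 ;;
    esac

    case $sp_mode in
        control-group|'')
            # Default mode: every process in the cgroup receives only the
            # no-op SIGCONT, so leftovers run until the stop timeout expires.
            echo "stall:${sp_timeout:-unknown}" ;;
        mixed|process)
            # KillSignal is delivered to the main process only.
            echo main-only ;;
        *)
            echo other ;;
    esac
}

# Constructed sample property text: before and after the KillMode change.
BEFORE='KillMode=control-group
KillSignal=18
TimeoutStopUSec=5min'
AFTER='KillMode=mixed
KillSignal=18
TimeoutStopUSec=5min'
```

On a live host, `stop_policy "$(systemctl show unifi -p KillMode -p KillSignal -p TimeoutStopUSec)"` classifies the running unit.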