From a9db85d7c856ba20d302de33685bd8d852a4491b Mon Sep 17 00:00:00 2001
From: Emi Matchu <emi@matchu.dev>
Date: Mon, 10 Jun 2024 13:03:19 -0700
Subject: [PATCH] Restart every week, to help ensure SSL certificate renews

Oh right, I dealt with this a few months ago too: I got a notice from
Let's Encrypt that our code.openneo.net SSL certificate was going to
expire soon. And last time, restarting the Forgejo service fixed it and
got a new certificate issued immediately!

My inference is that the logic to check on the certificate status only
happens on startup. So, let's add code to the service file to ensure
that Forgejo will terminate after 7 days of runtime; and the
`Restart=always` setting will ensure that it comes immediately back up.
---
 files/forgejo.service | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/files/forgejo.service b/files/forgejo.service
index ad80645..e3dc690 100644
--- a/files/forgejo.service
+++ b/files/forgejo.service
@@ -51,6 +51,9 @@ After=network.target
 ###
 
 [Service]
+# NOTE: I found that Let's Encrypt certificates only renew when the service
+# starts, so let's make sure we're restarting every so often.
+RuntimeMaxSec=7d
 # Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
 # LimitNOFILE=524288:524288
 RestartSec=2s