From 0eb883061b79220a202573f41c2953d1be78c3de Mon Sep 17 00:00:00 2001
From: Berwn <alexander@grabowski.email>
Date: Wed, 17 Jun 2026 17:09:30 +0700
Subject: [PATCH] Keep systemd-journal-upload retrying instead of failing a
 deploy

The uploader exits when VictoriaLogs is unreachable. Upstream already sets
Restart=always/RestartSec=3sec, but the default start-rate limit lets the unit
give up permanently and trip switch-to-configuration when the sink is briefly
down. Disable the limit (startLimitIntervalSec=0) so logging stays best-effort
and never wedges a host or a deploy.
---
 modules/monitoring/exporters.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/modules/monitoring/exporters.nix b/modules/monitoring/exporters.nix
index 40d564c..c6a5434 100644
--- a/modules/monitoring/exporters.nix
+++ b/modules/monitoring/exporters.nix
@@ -103,6 +103,13 @@ in
       "http://${dest}/insert/journald";
   };
 
+  # systemd-journal-upload exits if the sink is unreachable. The upstream module
+  # already sets Restart=always/RestartSec=3sec, but the default start-rate limit
+  # (5 tries / 10s) still lets the unit give up permanently and fail a deploy when
+  # VictoriaLogs is briefly down. Logging is best-effort: disable the limit so it
+  # retries forever instead of wedging the host (or switch-to-configuration).
+  systemd.services.systemd-journal-upload.startLimitIntervalSec = 0;
+
   # Scrape ports reachable only from the ZeroTier mesh.
   networking.firewall.extraInputRules = ''
     ip6 saddr ${mesh.subnet} tcp dport { ${lib.concatMapStringsSep ", " toString ports} } accept