From 54dc10b79fd3495720fbd1de2a5c03436d474ac5 Mon Sep 17 00:00:00 2001
From: Daniel Micay <daniel.micay@grapheneos.org>
Date: Wed, 12 Feb 2025 08:06:00 -0500
Subject: [PATCH] set up systemd runtime watchdog support

Services without a hardware watchdog will need to use softdog and won't
get most of the benefits but it's still useful.
---
 hosts.sh                    | 3 +++
 modules-load.d/softdog.conf | 1 +
 systemd/system.conf         | 4 ++--
 3 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 modules-load.d/softdog.conf

diff --git a/hosts.sh b/hosts.sh
index e5ebf06..b0019ab 100644
--- a/hosts.sh
+++ b/hosts.sh
@@ -245,6 +245,9 @@ declare -Ar hosts_ipv6_address=(
     [grapheneos.social]=2607:5300:205:200::5e3f
 )
 
+declare -Ar hosts_hardware_watchdog=(
+)
+
 readonly hosts_dns=(
     ns1.staging.grapheneos.org
     ns1.grapheneos.org
diff --git a/modules-load.d/softdog.conf b/modules-load.d/softdog.conf
new file mode 100644
index 0000000..6711610
--- /dev/null
+++ b/modules-load.d/softdog.conf
@@ -0,0 +1 @@
+softdog
diff --git a/systemd/system.conf b/systemd/system.conf
index 2b1aa54..5f891c9 100644
--- a/systemd/system.conf
+++ b/systemd/system.conf
@@ -31,10 +31,10 @@ CrashAction=reboot
 #CPUAffinity=
 #NUMAPolicy=default
 #NUMAMask=
-#RuntimeWatchdogSec=off
+RuntimeWatchdogSec=60s
 #RuntimeWatchdogPreSec=off
 #RuntimeWatchdogPreGovernor=
-#RebootWatchdogSec=10min
+RebootWatchdogSec=60s
 #KExecWatchdogSec=off
 #WatchdogDevice=
 #CapabilityBoundingSet=