diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix index f5fce4d..ad804c3 100644 --- a/modules/bitcoind.nix +++ b/modules/bitcoind.nix @@ -312,9 +312,14 @@ in { ]; systemd.services.bitcoind = { - requires = [ "nix-bitcoin-secrets.target" ]; + # Use `wants` instead of `requires` so that bitcoind and all dependent services + # are not restarted when the secrets target restarts. + # The secrets target always restarts when deploying with one of the methods + # in ./deployment. + wants = [ "nix-bitcoin-secrets.target" ]; after = [ "network.target" "nix-bitcoin-secrets.target" ]; wantedBy = [ "multi-user.target" ]; + preStart = let extraRpcauth = concatMapStrings (name: let user = cfg.rpc.users.${name}; diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 83f84ea..ccb495f 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -60,8 +60,15 @@ in }; }; - config = { - systemd.targets.nix-bitcoin-secrets = {}; + config = { + # This target is active when secrets have been setup successfully. + systemd.targets.nix-bitcoin-secrets = { + # This ensures that the secrets target is always activated when switching + # configurations. + # In this way `switch-to-configuration` is guaranteed to show an error + # when activating the secrets target fails on deployment. + wantedBy = [ "multi-user.target" ]; + }; nix-bitcoin.setupSecrets = mkIf cfg.generateSecrets true;