From b0c223e71676c26a76aaf6704f347e8089a8d68d Mon Sep 17 00:00:00 2001
From: Erik Arvstedt <erik.arvstedt@gmail.com>
Date: Wed, 10 Mar 2021 14:08:35 +0100
Subject: [PATCH] secrets: don't stop services when the secrets target stops

With krops or nixops the secrets target is always restarted during
the deployment process.
This previously caused unnecessary restarts of all nix-bitcoin services.
---
 modules/bitcoind.nix        |  7 ++++++-
 modules/secrets/secrets.nix | 11 +++++++++--
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index f5fce4d..ad804c3 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -312,9 +312,14 @@ in {
     ];
 
     systemd.services.bitcoind = {
-      requires = [ "nix-bitcoin-secrets.target" ];
+      # Use `wants` instead of `requires` so that bitcoind and all dependent services
+      # are not restarted when the secrets target restarts.
+      # The secrets target always restarts when deploying with one of the methods
+      # in ./deployment.
+      wants = [ "nix-bitcoin-secrets.target" ];
       after = [ "network.target" "nix-bitcoin-secrets.target" ];
       wantedBy = [ "multi-user.target" ];
+
       preStart = let
         extraRpcauth = concatMapStrings (name: let
           user = cfg.rpc.users.${name};
diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix
index 83f84ea..ccb495f 100644
--- a/modules/secrets/secrets.nix
+++ b/modules/secrets/secrets.nix
@@ -60,8 +60,15 @@ in
     };
   };
 
-  config =  {
-    systemd.targets.nix-bitcoin-secrets = {};
+  config = {
+    # This target is active when secrets have been setup successfully.
+    systemd.targets.nix-bitcoin-secrets = {
+      # This ensures that the secrets target is always activated when switching
+      # configurations.
+      # In this way `switch-to-configuration` is guaranteed to show an error
+      # when activating the secrets target fails on deployment.
+      wantedBy = [ "multi-user.target" ];
+    };
 
     nix-bitcoin.setupSecrets = mkIf cfg.generateSecrets true;