secrets: don't stop services when the secrets target stops

With krops or nixops the secrets target is always restarted during
the deployment process.
This previously caused unnecessary restarts of all nix-bitcoin services.
This commit is contained in:
Erik Arvstedt 2021-03-10 14:08:35 +01:00 committed by Jonas Nick
parent b701cb5603
commit b0c223e716
No known key found for this signature in database
GPG Key ID: 4861DBF262123605
2 changed files with 15 additions and 3 deletions

View File

@ -312,9 +312,14 @@ in {
]; ];
systemd.services.bitcoind = { systemd.services.bitcoind = {
requires = [ "nix-bitcoin-secrets.target" ]; # Use `wants` instead of `requires` so that bitcoind and all dependent services
# are not restarted when the secrets target restarts.
# The secrets target always restarts when deploying with one of the methods
# in ./deployment.
wants = [ "nix-bitcoin-secrets.target" ];
after = [ "network.target" "nix-bitcoin-secrets.target" ]; after = [ "network.target" "nix-bitcoin-secrets.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = let preStart = let
extraRpcauth = concatMapStrings (name: let extraRpcauth = concatMapStrings (name: let
user = cfg.rpc.users.${name}; user = cfg.rpc.users.${name};

View File

@ -60,8 +60,15 @@ in
}; };
}; };
config = { config = {
systemd.targets.nix-bitcoin-secrets = {}; # This target is active when secrets have been setup successfully.
systemd.targets.nix-bitcoin-secrets = {
# This ensures that the secrets target is always activated when switching
# configurations.
# In this way `switch-to-configuration` is guaranteed to show an error
# when activating the secrets target fails on deployment.
wantedBy = [ "multi-user.target" ];
};
nix-bitcoin.setupSecrets = mkIf cfg.generateSecrets true; nix-bitcoin.setupSecrets = mkIf cfg.generateSecrets true;