summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2020-08-04 20:28:04 +0200
committertv <tv@krebsco.de>2020-08-05 11:01:30 +0200
commitb5b90b598430cfa876639d76dbbdc8d826ccb5c0 (patch)
treea302c834b859111bd2061e2c52d9e91c052d2a98 /krebs
parent087fff54f11d28c9a08849c70520ecf9030f4ce9 (diff)
types.secret-file: add service option
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/exim-smarthost.nix8
-rw-r--r--krebs/3modules/konsens.nix2
-rw-r--r--krebs/3modules/repo-sync.nix8
-rw-r--r--krebs/3modules/tinc.nix9
4 files changed, 21 insertions, 6 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index e988fb563..2a97f9d6e 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -115,8 +115,12 @@ let
}));
systemd.services = mkIf (cfg.dkim != []) {
exim = {
- after = [ "secret.service" ];
- requires = [ "secret.service" ];
+ after = flip map cfg.dkim (dkim:
+ config.krebs.secret.files."exim.dkim_private_key/${dkim.domain}".service
+ );
+ requires = flip map cfg.dkim (dkim:
+ config.krebs.secret.files."exim.dkim_private_key/${dkim.domain}".service
+ );
};
};
krebs.exim = {
diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix
index 74895a971..81486810b 100644
--- a/krebs/3modules/konsens.nix
+++ b/krebs/3modules/konsens.nix
@@ -56,7 +56,7 @@ let
systemd.services = mapAttrs' (name: repo:
nameValuePair "konsens-${name}" {
- after = [ "network.target" "secret.service" ];
+ after = [ "network.target" ];
path = [ pkgs.git ];
restartIfChanged = false;
serviceConfig = {
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index 45d9d81c3..892f34049 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -166,7 +166,13 @@ let
});
in nameValuePair "repo-sync-${name}" {
description = "repo-sync";
- after = [ "network.target" "secret.service" ];
+ after = [
+ config.krebs.secret.files.repo-sync-key.service
+ "network.target"
+ ];
+ requires = [
+ config.krebs.secret.files.repo-sync-key.service
+ ];
environment = {
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.stateDir}/ssh.priv";
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index 8b6e959d4..0be16d8f6 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -219,9 +219,14 @@ let
iproute = cfg.iproutePackage;
in {
description = "Tinc daemon for ${netname}";
- after = [ "network.target" ];
+ after = [
+ config.krebs.secret.files."${netname}.rsa_key.priv".service
+ "network.target"
+ ];
+ requires = [
+ config.krebs.secret.files."${netname}.rsa_key.priv".service
+ ];
wantedBy = [ "multi-user.target" ];
- requires = [ "secret.service" ];
path = [ tinc iproute ];
serviceConfig = rec {
Restart = "always";