Make secrets into RemaiAfterExit oneshot services

2023-10-09 16:10:50 -07:00 · 2023-10-09 16:10:50 -07:00 · 28e16e19e4
parent 7fcbc0bddb
commit 28e16e19e4
1 changed files with 3 additions and 4 deletions
--- a/lib/fudo/secrets.nix
+++ b/lib/fudo/secrets.nix
@ -42,7 +42,7 @@ let
      wantedBy = [ cfg.secret-target "default.target" ];
      before = [ cfg.secret-target "multi-user.target" ];
      serviceConfig = {
-        Type = "simple";
+        Type = "oneshot";
        RemainAfterExit = true;
        ExecStartPre =
          pkgs.writeShellScript "fudo-secret-prep-${secret-name}.sh" ''
@ -60,9 +60,8 @@ let
            inherit secret-name source-file target-host target-file
              host-master-key user group permissions;
          };
-        ## This is too aggressive about 'stopping'
-        # ExecStop = pkgs.writeShellScript "fudo-remove-${secret-name}-secret.sh"
-        #   "rm -f ${target-file}";
+        ExecStop = pkgs.writeShellScript "fudo-remove-${secret-name}-secret.sh"
+          "rm -f ${target-file}";
      };
      path = [ pkgs.age ];
    };