From 28e16e19e4bd6effb46b9cffed8180e30d1889d5 Mon Sep 17 00:00:00 2001
From: Niten <niten@fudo.org>
Date: Mon, 9 Oct 2023 16:10:50 -0700
Subject: [PATCH] Make secrets into RemaiAfterExit oneshot services

---
 lib/fudo/secrets.nix | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/lib/fudo/secrets.nix b/lib/fudo/secrets.nix
index f934d04..08bc9b8 100644
--- a/lib/fudo/secrets.nix
+++ b/lib/fudo/secrets.nix
@@ -42,7 +42,7 @@ let
       wantedBy = [ cfg.secret-target "default.target" ];
       before = [ cfg.secret-target "multi-user.target" ];
       serviceConfig = {
-        Type = "simple";
+        Type = "oneshot";
         RemainAfterExit = true;
         ExecStartPre =
           pkgs.writeShellScript "fudo-secret-prep-${secret-name}.sh" ''
@@ -60,9 +60,8 @@ let
             inherit secret-name source-file target-host target-file
               host-master-key user group permissions;
           };
-        ## This is too aggressive about 'stopping'
-        # ExecStop = pkgs.writeShellScript "fudo-remove-${secret-name}-secret.sh"
-        #   "rm -f ${target-file}";
+        ExecStop = pkgs.writeShellScript "fudo-remove-${secret-name}-secret.sh"
+          "rm -f ${target-file}";
       };
       path = [ pkgs.age ];
     };