nix
/
lib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Make secrets into RemaiAfterExit oneshot services

This commit is contained in:
Niten 2023-10-09 16:10:50 -07:00
parent 7fcbc0bddb
commit 28e16e19e4
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/fudo/secrets.nix
View File

@ -42,7 +42,7 @@ let
wantedBy = [ cfg.secret-target "default.target" ]; wantedBy = [ cfg.secret-target "default.target" ];
before = [ cfg.secret-target "multi-user.target" ]; before = [ cfg.secret-target "multi-user.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
ExecStartPre = ExecStartPre =
pkgs.writeShellScript "fudo-secret-prep-${secret-name}.sh" '' pkgs.writeShellScript "fudo-secret-prep-${secret-name}.sh" ''
@ -60,9 +60,8 @@ let
inherit secret-name source-file target-host target-file inherit secret-name source-file target-host target-file
host-master-key user group permissions; host-master-key user group permissions;
}; };
## This is too aggressive about 'stopping' ExecStop = pkgs.writeShellScript "fudo-remove-${secret-name}-secret.sh"
# ExecStop = pkgs.writeShellScript "fudo-remove-${secret-name}-secret.sh" "rm -f ${target-file}";
# "rm -f ${target-file}";
}; };
path = [ pkgs.age ]; path = [ pkgs.age ];
}; };