Ensure database exists before starting kdc init

config/domain-config/fudo.org.nix

@@ -52,22 +52,14 @@ in {
   config = {
     # All Fudo hosts should redirect selby.ca to the selbyhomecentre website.
     services.nginx.virtualHosts = {
-      "selby.ca" = {
-        enableACME = true;
-        locations."/".return = "301 https://selbyhomecentre.com$request_uri";
-      };
-      "www.selby.ca" = {
-        enableACME = true;
-        locations."/".return = "301 https://selbyhomecentre.com$request_uri";
-      };
-      "selbyhomecentre.com" = {
-        enableACME = true;
-        locations."/".return = "301 https://selbyhomecentre.com$request_uri";
-      };
-      "www.selbyhomecentre.com" = {
-        enableACME = true;
-        locations."/".return = "301 https://selbyhomecentre.com$request_uri";
-      };
+      "selby.ca".locations."/".return =
+        "301 https://selbyhomecentre.com$request_uri";
+      "www.selby.ca".locations."/".return =
+        "301 https://selbyhomecentre.com$request_uri";
+      "selbyhomecentre.com".locations."/".return =
+        "301 https://selbyhomecentre.com$request_uri";
+      "www.selbyhomecentre.com".locations."/".return =
+        "301 https://selbyhomecentre.com$request_uri";
     };
 
     fudo.services = {
@@ -88,7 +80,7 @@ in {
           };
           "selby.ca" = {
             default-host = "germany";
-            ksk = config.fudo.secrets.files.dns.key-signing-keys."selby.ca";
+            ksk = null;
           };
           "selbyhomecentre.com" = {
             default-host = "germany";

config/host-config/germany.nix

@@ -23,9 +23,9 @@ in {
           prefixLength = 28;
         }];
       };
-      firewall.enable = {
+      firewall = {
         enable = false;
-        interface.podman0.allowedUDPPorts = [ 53 ];
+        interfaces.podman0.allowedUDPPorts = [ 53 ];
       };
     };
 

config/service/fudo-auth.nix

@@ -90,13 +90,16 @@ in {
           ];
           description = "Initialize and update the Heimdal KDC database.";
           path = with pkgs; [ kdcMergePrincipals coreutils ];
-          serviceConfig = {
+          serviceConfig = let
+            db = config.fudo.auth.kerberos.kdc.database;
+            principals = host-secrets.kdc-principals.target-file;
+            master-key = host-secrets.realm-master-key.target-file;
+          in {
             User = krb-user;
             Group = krb-group;
+            Restart = "always";
+            ConditionPathExists = [ db principals master-key ];
             ExecStart = let
-              db = config.fudo.auth.kerberos.kdc.database;
-              principals = host-secrets.kdc-principals.target-file;
-              master-key = host-secrets.realm-master-key.target-file;
               init-db-cmd = concatStringsSep " " [
                 "${pkgs.kdcMergePrincipals}/bin/kdc-merge-principals"
                 "--create"

flake.lock

@@ -2984,11 +2984,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1697257997,
-        "narHash": "sha256-oVRwU9XkWzhfRFrvNzNLSS6YUIyFiFX/uVt/WrFRxZw=",
+        "lastModified": 1697412875,
+        "narHash": "sha256-rJmQ1+5mDuA4nskjnDQ6KVRIS0c8nJ3SJaOrpdIx+I0=",
         "ref": "refs/heads/master",
-        "rev": "34b51d34b9f339f12e4111d4d6e5b00b8752f6bc",
-        "revCount": 241,
+        "rev": "af3dbd0bed0da50d8b13d01256a328b15d9eb7c5",
+        "revCount": 245,
         "type": "git",
         "url": "https://git.fudo.org/fudo-public/mail-server.git"
       },
@@ -3548,11 +3548,11 @@
     },
     "nixpkgs_21": {
       "locked": {
-        "lastModified": 1696983906,
-        "narHash": "sha256-L7GyeErguS7Pg4h8nK0wGlcUTbfUMDu+HMf1UcyP72k=",
+        "lastModified": 1697226376,
+        "narHash": "sha256-cumLLb1QOUtWieUnLGqo+ylNt3+fU8Lcv5Zl+tYbRUE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bd1cde45c77891214131cbbea5b1203e485a9d51",
+        "rev": "898cb2064b6e98b8c5499f37e81adbdf2925f7c5",
         "type": "github"
       },
       "original": {