summaryrefslogtreecommitdiffstats
path: root/krebs
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2022-12-29 13:44:45 +0100
committertv <tv@krebsco.de>2022-12-29 15:24:39 +0100
commitb3c5492b696e02468604fbe00abdc36cb02eb22b (patch)
treea9a3ec32eab8f657271b279f9115829fa6446175 /krebs
parent2a63d78060295a4a59b2d90c48480625a592da71 (diff)
krebs.systemd.restartIfCredentialsChange: default = false
Diffstat (limited to 'krebs')
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/repo-sync.nix4
-rw-r--r--krebs/3modules/systemd.nix6
-rw-r--r--krebs/3modules/tinc.nix1
4 files changed, 6 insertions, 7 deletions
diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix
index 7c176d224..b3cf212e4 100644
--- a/krebs/3modules/exim-smarthost.nix
+++ b/krebs/3modules/exim-smarthost.nix
@@ -108,7 +108,7 @@ let
};
imp = {
- krebs.systemd.services.exim = {};
+ krebs.systemd.services.exim.restartIfCredentialsChange = true;
systemd.services.exim.serviceConfig.LoadCredential =
map (dkim: "${dkim.domain}.dkim_private_key:${dkim.private_key}") cfg.dkim;
krebs.exim = {
diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix
index c4cfb9a49..5b8a53be8 100644
--- a/krebs/3modules/repo-sync.nix
+++ b/krebs/3modules/repo-sync.nix
@@ -159,7 +159,9 @@ let
) cfg.repos;
krebs.systemd.services = mapAttrs' (name: _:
- nameValuePair "repo-sync-${name}" {}
+ nameValuePair "repo-sync-${name}" {
+ restartIfCredentialsChange = true;
+ }
) cfg.repos;
systemd.services = mapAttrs' (name: repo:
diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix
index 194e8b24a..61bfcf639 100644
--- a/krebs/3modules/systemd.nix
+++ b/krebs/3modules/systemd.nix
@@ -6,11 +6,7 @@
type = lib.types.attrsOf (lib.types.submodule {
options = {
restartIfCredentialsChange = lib.mkOption {
- # Enabling this by default only makes sense here as the user already
- # bothered to write down krebs.systemd.services.* = {}. If this
- # functionality gets upstreamed to systemd.services, restarting
- # should be disabled by default.
- default = true;
+ default = false;
description = ''
Whether to restart the service whenever any of its credentials
change. Only credentials with an absolute path in LoadCredential=
diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix
index c33b30f0d..0babc448a 100644
--- a/krebs/3modules/tinc.nix
+++ b/krebs/3modules/tinc.nix
@@ -232,6 +232,7 @@ with import <stockholm/lib>;
) config.krebs.tinc;
krebs.systemd.services = mapAttrs (netname: cfg: {
+ restartIfCredentialsChange = true;
}) config.krebs.tinc;
systemd.services = mapAttrs (netname: cfg: {