diff options
Diffstat (limited to 'lass')
| -rw-r--r-- | lass/2configs/binary-cache/server.nix | 8 | ||||
| -rw-r--r-- | lass/2configs/websites/sqlBackup.nix | 8 | ||||
| -rw-r--r-- | lass/3modules/ejabberd/default.nix | 13 |
3 files changed, 23 insertions, 6 deletions
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix index d3775b5df..9b91035a8 100644 --- a/lass/2configs/binary-cache/server.nix +++ b/lass/2configs/binary-cache/server.nix @@ -9,8 +9,12 @@ }; systemd.services.nix-serve = { - requires = ["secret.service"]; - after = ["secret.service"]; + after = [ + config.krebs.secret.files.nix-serve-key.service + ]; + partOf = [ + config.krebs.secret.files.nix-serve-key.service + ]; }; krebs.secret.files.nix-serve-key = { path = "/run/secret/nix-serve.key"; diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix index 10a6e4643..c9783bece 100644 --- a/lass/2configs/websites/sqlBackup.nix +++ b/lass/2configs/websites/sqlBackup.nix @@ -14,8 +14,12 @@ }; systemd.services.mysql = { - requires = [ "secret.service" ]; - after = [ "secret.service" ]; + after = [ + config.krebs.secret.files.mysql_rootPassword.service + ]; + partOf = [ + config.krebs.secret.files.mysql_rootPassword.service + ]; }; lass.mysqlBackup = { diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix index 4838a9093..20a38d572 100644 --- a/lass/3modules/ejabberd/default.nix +++ b/lass/3modules/ejabberd/default.nix @@ -17,6 +17,7 @@ in { certfile = mkOption { type = types.secret-file; default = { + name = "ejabberd-certfile"; path = "${cfg.user.home}/ejabberd.pem"; owner = cfg.user; source-path = "/var/lib/acme/lassul.us/full.pem"; @@ -25,6 +26,7 @@ in { dhfile = mkOption { type = types.secret-file; default = { + name = "ejabberd-dhfile"; path = "${cfg.user.home}/dhparams.pem"; owner = cfg.user; source-path = "/dev/null"; @@ -74,8 +76,15 @@ in { systemd.services.ejabberd = { wantedBy = [ "multi-user.target" ]; - requires = [ "secret.service" ]; - after = [ "network.target" "secret.service" ]; + after = [ + config.krebs.secret.files.ejabberd-certfile.service + config.krebs.secret.files.ejabberd-s2s_certfile.service + "network.target" + ]; + partOf = [ + config.krebs.secret.files.ejabberd-certfile.service + config.krebs.secret.files.ejabberd-s2s_certfile.service + ]; serviceConfig = { ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}"; ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground"; |