From b3c5492b696e02468604fbe00abdc36cb02eb22b Mon Sep 17 00:00:00 2001 From: tv Date: Thu, 29 Dec 2022 13:44:45 +0100 Subject: krebs.systemd.restartIfCredentialsChange: default = false --- krebs/3modules/exim-smarthost.nix | 2 +- krebs/3modules/repo-sync.nix | 4 +++- krebs/3modules/systemd.nix | 6 +----- krebs/3modules/tinc.nix | 1 + 4 files changed, 6 insertions(+), 7 deletions(-) (limited to 'krebs/3modules') diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 7c176d224..b3cf212e4 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -108,7 +108,7 @@ let }; imp = { - krebs.systemd.services.exim = {}; + krebs.systemd.services.exim.restartIfCredentialsChange = true; systemd.services.exim.serviceConfig.LoadCredential = map (dkim: "${dkim.domain}.dkim_private_key:${dkim.private_key}") cfg.dkim; krebs.exim = { diff --git a/krebs/3modules/repo-sync.nix b/krebs/3modules/repo-sync.nix index c4cfb9a49..5b8a53be8 100644 --- a/krebs/3modules/repo-sync.nix +++ b/krebs/3modules/repo-sync.nix @@ -159,7 +159,9 @@ let ) cfg.repos; krebs.systemd.services = mapAttrs' (name: _: - nameValuePair "repo-sync-${name}" {} + nameValuePair "repo-sync-${name}" { + restartIfCredentialsChange = true; + } ) cfg.repos; systemd.services = mapAttrs' (name: repo: diff --git a/krebs/3modules/systemd.nix b/krebs/3modules/systemd.nix index 194e8b24a..61bfcf639 100644 --- a/krebs/3modules/systemd.nix +++ b/krebs/3modules/systemd.nix @@ -6,11 +6,7 @@ type = lib.types.attrsOf (lib.types.submodule { options = { restartIfCredentialsChange = lib.mkOption { - # Enabling this by default only makes sense here as the user already - # bothered to write down krebs.systemd.services.* = {}. If this - # functionality gets upstreamed to systemd.services, restarting - # should be disabled by default. - default = true; + default = false; description = '' Whether to restart the service whenever any of its credentials change. Only credentials with an absolute path in LoadCredential= diff --git a/krebs/3modules/tinc.nix b/krebs/3modules/tinc.nix index c33b30f0d..0babc448a 100644 --- a/krebs/3modules/tinc.nix +++ b/krebs/3modules/tinc.nix @@ -232,6 +232,7 @@ with import ; ) config.krebs.tinc; krebs.systemd.services = mapAttrs (netname: cfg: { + restartIfCredentialsChange = true; }) config.krebs.tinc; systemd.services = mapAttrs (netname: cfg: { -- cgit v1.2.3