From b5b90b598430cfa876639d76dbbdc8d826ccb5c0 Mon Sep 17 00:00:00 2001
From: tv
Date: Tue, 4 Aug 2020 20:28:04 +0200
Subject: types.secret-file: add service option
---
lass/2configs/binary-cache/server.nix | 8 ++++++--
lass/2configs/websites/sqlBackup.nix | 8 ++++++--
lass/3modules/ejabberd/default.nix | 11 +++++++++--
3 files changed, 21 insertions(+), 6 deletions(-)
(limited to 'lass')
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index d3775b5d..fbaf16a3 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -9,8 +9,12 @@
 };
 systemd.services.nix-serve = {
- requires = ["secret.service"];
- after = ["secret.service"];
+ after = [
+ config.krebs.secret.files.nix-serve-key.service
+ ];
+ requires = [
+ config.krebs.secret.files.nix-serve-key.service
+ ];
 };
 krebs.secret.files.nix-serve-key = {
 path = "/run/secret/nix-serve.key";
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
index 10a6e464..72d7c7b9 100644
--- a/lass/2configs/websites/sqlBackup.nix
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -14,8 +14,12 @@
 };
 systemd.services.mysql = {
- requires = [ "secret.service" ];
- after = [ "secret.service" ];
+ after = [
+ config.krebs.secret.files.mysql_rootPassword.service
+ ];
+ requires = [
+ config.krebs.secret.files.mysql_rootPassword.service
+ ];
 };
 lass.mysqlBackup = {
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index 4838a909..9642c64c 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
@@ -74,8 +74,15 @@ in {
 systemd.services.ejabberd = {
 wantedBy = [ "multi-user.target" ];
- requires = [ "secret.service" ];
- after = [ "network.target" "secret.service" ];
+ after = [
+ config.krebs.secret.files.ejabberd-certfile.service
+ config.krebs.secret.files.ejabberd-s2s_certfile.service
+ "network.target"
+ ];
+ requires = [
+ config.krebs.secret.files.ejabberd-certfile.service
+ config.krebs.secret.files.ejabberd-s2s_certfile.service
+ ];
 serviceConfig = {
 ExecStartPre = "${gen-dhparam} ${cfg.dhfile.path}";
 ExecStart = "${cfg.pkgs.ejabberdctl}/bin/ejabberdctl foreground";
-- cgit v1.2.3
From ec91d1b83cfad151033433159a04eb7b5381bc73 Mon Sep 17 00:00:00 2001
From: tv
Date: Tue, 4 Aug 2020 22:22:43 +0200
Subject: krebs.secret: restart units on secret change
---
lass/2configs/binary-cache/server.nix | 2 +-
lass/2configs/websites/sqlBackup.nix | 2 +-
lass/3modules/ejabberd/default.nix | 4 +++-
3 files changed, 5 insertions(+), 3 deletions(-)
(limited to 'lass')
diff --git a/lass/2configs/binary-cache/server.nix b/lass/2configs/binary-cache/server.nix
index fbaf16a3..9b91035a 100644
--- a/lass/2configs/binary-cache/server.nix
+++ b/lass/2configs/binary-cache/server.nix
@@ -12,7 +12,7 @@
 after = [
 config.krebs.secret.files.nix-serve-key.service
 ];
- requires = [
+ partOf = [
 config.krebs.secret.files.nix-serve-key.service
 ];
 };
diff --git a/lass/2configs/websites/sqlBackup.nix b/lass/2configs/websites/sqlBackup.nix
index 72d7c7b9..c9783bec 100644
--- a/lass/2configs/websites/sqlBackup.nix
+++ b/lass/2configs/websites/sqlBackup.nix
@@ -17,7 +17,7 @@
 after = [
 config.krebs.secret.files.mysql_rootPassword.service
 ];
- requires = [
+ partOf = [
 config.krebs.secret.files.mysql_rootPassword.service
 ];
 };
diff --git a/lass/3modules/ejabberd/default.nix b/lass/3modules/ejabberd/default.nix
index 9642c64c..20a38d57 100644
--- a/lass/3modules/ejabberd/default.nix
+++ b/lass/3modules/ejabberd/default.nix
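Review bot: In the `systemd.services.ejabberd` hunk (`@@ -74,8 +74,15 @@` of lass/3modules/ejabberd/default.nix) the new `after`/`requires` lists name only the certfile and s2s_certfile secret units, while `ExecStartPre` still works on `${cfg.dhfile.path}`. The removed `secret.service` presumably ordered the unit after every secret file, so the order between `gen-dhparam` and whatever installs the dhfile path is no longer pinned; if that install runs later it could overwrite the generated parameters from the `/dev/null` source visible in the later `@@ -25,6 +26,7 @@` hunk. Consider adding the dhfile unit to `after`, e.g. `cfg.dhfile.service`, assuming the `service` option this commit introduces is available on that option value. The same omission carries over to the `partOf` list in the `@@ -79,7 +81,7 @@` hunk, and the unit definition continues outside this hunk.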
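Review bot: Replacing `requires` with `partOf` in `systemd.services.nix-serve` (lass/2configs/binary-cache/server.nix, `@@ -12,7 +12,7 @@`) drops the only visible dependency that pulls the secret unit in and blocks startup when it fails; `PartOf=` only propagates stop and restart from the listed unit, and `after` on its own is ordering without a requirement. Unless the krebs.secret module, which this diff does not show, starts the secret unit by other means, nix-serve can be started without `/run/secret/nix-serve.key` in place. Keeping `requires = [ config.krebs.secret.files.nix-serve-key.service ];` next to the new `partOf` would preserve the fail-closed start while still restarting on secret change. The same applies to the `mysql` hunk in sqlBackup.nix and the ejabberd hunk at `@@ -79,7 +81,7 @@`.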
@@ -17,6 +17,7 @@ in {
 certfile = mkOption {
 type = types.secret-file;
 default = {
+ name = "ejabberd-certfile";
 path = "${cfg.user.home}/ejabberd.pem";
 owner = cfg.user;
 source-path = "/var/lib/acme/lassul.us/full.pem";
@@ -25,6 +26,7 @@ in {
 dhfile = mkOption {
 type = types.secret-file;
 default = {
+ name = "ejabberd-dhfile";
 path = "${cfg.user.home}/dhparams.pem";
 owner = cfg.user;
 source-path = "/dev/null";
@@ -79,7 +81,7 @@ in {
 config.krebs.secret.files.ejabberd-s2s_certfile.service
 "network.target"
 ];
- requires = [
+ partOf = [
 config.krebs.secret.files.ejabberd-certfile.service
 config.krebs.secret.files.ejabberd-s2s_certfile.service
 ];
-- cgit v1.2.3
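Review bot: The `name` values added to the `certfile` and `dhfile` defaults are repeated as literal attribute names in the unit's `after`/`partOf` lists (`config.krebs.secret.files.ejabberd-certfile.service`), so overriding either option with a different `name` would leave ejabberd tied to a secret unit that no longer matches the file it reads. Referring to the option value instead, e.g. `cfg.certfile.service`, would keep the dependency in step with the configured secret; this assumes the secret-file type exposes `service` on the option value, which the earlier commit's subject suggests but the page does not show. A one-line comment on each `name` saying that it selects the secret's systemd unit would also make the coupling visible to anyone changing the defaults.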