mirror of
https://github.com/Mic92/sops-nix.git
synced 2025-12-26 14:14:58 +08:00
645fa1c3ef
Consider the following case: a service (`gitlab-runner.service` in this case) gets
a new secret that is installed via sops and will be reloaded on a switch. Right
now this would fail like this:
machine | updating GRUB 2 menu...
machine | stopping the following units: sops-install-secrets.service
machine | activating the configuration...
machine | setting up /etc...
[...]
machine | restarting sysinit-reactivation.target
machine | reloading the following units: dbus-broker.service, gitlab-runner.service
machine | restarting the following units: polkit.service
machine | starting the following units: sops-install-secrets.service
Here, the reload happens _before_ running `sops-install-secrets.service`
which means that the newly added secret doesn't exist yet and thus the
reload fails.
This change makes sure the service is started when running
`sysinit-reactivation.target`, i.e. before stc-ng reloads other
services. This is what sysusers already does, so the objective of
running after sysusers is still met.
Also, added an `After=userborn.service` to make sure it's also ordered
after userborn if necessary.
Thank you WilliButz for reminding me that `sysinit-reactivation.target`
exists and is most likely the culprit of that!
|
||
|---|---|---|
| .. | ||
| secrets-for-users | ||
| templates | ||
| default.nix | ||
| manifest-for.nix | ||
| with-environment.nix | ||