samueldr changed the topic of #nixops to: NixOps related talk | logs: https://logs.nix.samueldr.com/nixops/
nuncanada has quit [Quit: Leaving]
johnny101m has quit [Ping timeout: 268 seconds]
pbb_ has joined #nixops
pbb has quit [Ping timeout: 272 seconds]
pbb_ has quit [Remote host closed the connection]
pbb has joined #nixops
psyanticy has joined #nixops
johnny101m2 has joined #nixops
pbb has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
pbb has joined #nixops
pbb has quit [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.]
pbb has joined #nixops
pbb_ has joined #nixops
pbb has quit [Ping timeout: 240 seconds]
nuncanada has joined #nixops
psyanticy has quit [Quit: Connection closed for inactivity]
<gchristensen> is there a way to restart services after nixops copies keys?
<gchristensen> yes
<gchristensen> If you have a custom service that depends on a key from deployment.keys, you can opt to let systemd track that dependency. Each key gets a corresponding systemd service "${keyname}-key.service" which is active while the key is present, and otherwise inactive when the key is absent. See Example 3.12 for how to set this up.
<aminechikhaoui> or maybe rely on keys.target in the systemd unit
<gchristensen> oh nice
<aminechikhaoui> but I think there are issues with that if the service gets started during boot with dependency on multi-user.target iirc
<gchristensen> ah
<aminechikhaoui> as that means it would get stuck during the boot process since you don't have the keys in tmpfs yet
<aminechikhaoui> at least I remember an issue like that, not sure about the exact config I had at the time
<gchristensen> after = [ "buildkite-ssh-private-key-key.service" "buildkite-ssh-public-key-key.service" "buildkite-token-key.service" ]; <- lol
<gchristensen> hmm
<gchristensen> I think I want partOf too
<aminechikhaoui> I never get those options right :D
<gchristensen> me either hehe
johnny101m has joined #nixops
johnny101m2 has quit [Ping timeout: 240 seconds]