Merge: nixos/acme: fix account creation service ordering (#355054)

tjh.dev / nixpkgs

fork atom

Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)

fork atom

authored by

Maximilian Bosch and committed by

GitHub 1 year ago dda82d9e 03e57194

+6 -4

1 changed file

expand all

unified split

nixos

modules

security

acme

default.nix

+6 -4

nixos/modules/security/acme/default.nix

··· 1017 1017 # systemd clean --what=state is used to delete the account, so long as the user 1018 1018 # then runs one of the cert services, there won't be any issues. 1019 1019 accountTargets = lib.mapAttrs' (hash: confs: let 1020 - leader = "acme-${(builtins.head confs).cert}.service"; 1021 - dependantServices = map (conf: "acme-${conf.cert}.service") (builtins.tail confs); 1020 + dnsConfs = builtins.filter (conf: cfg.certs.${conf.cert}.dnsProvider != null) confs; 1021 + leaderConf = if dnsConfs != [ ] then builtins.head dnsConfs else builtins.head confs; 1022 + leader = "acme-${leaderConf.cert}.service"; 1023 + followers = map (conf: "acme-${conf.cert}.service") (builtins.filter (conf: conf != leaderConf) confs); 1022 1024 in lib.nameValuePair "acme-account-${hash}" { 1023 - requiredBy = dependantServices; 1024 - before = dependantServices; 1025 + requiredBy = followers; 1026 + before = followers; 1025 1027 requires = [ leader ]; 1026 1028 after = [ leader ]; 1027 1029 }) (lib.groupBy (conf: conf.accountHash) (lib.attrValues certConfigs));