From 829d179d37d57f1cfc8290596d94371f9309801d Mon Sep 17 00:00:00 2001 From: Luke Granger-Brown Date: Sun, 20 Mar 2022 10:00:17 +0000 Subject: [PATCH] nixos/common: make the EnvironmentFile optional to avoid... problems In general, it's better for us to fail to pass credentials to the Nix daemon than it is for the Nix daemon to fail to start up entirely. We will restart the daemon once the secrets have been delivered anyway. --- ops/nixos/lib/common.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/ops/nixos/lib/common.nix b/ops/nixos/lib/common.nix index 7fec64b8c8..71c61a1753 100644 --- a/ops/nixos/lib/common.nix +++ b/ops/nixos/lib/common.nix @@ -283,7 +283,8 @@ in group = "root"; reloadOrRestartUnits = [ "nix-daemon.service" ]; }; - systemd.services.nix-daemon.serviceConfig.EnvironmentFile = config.my.vault.secrets.nix-daemon.path; + # - prefix to make the file existing optional. + systemd.services.nix-daemon.serviceConfig.EnvironmentFile = "-${config.my.vault.secrets.nix-daemon.path}"; services.fwupd.enable = true;