nixos/common: make the EnvironmentFile optional to avoid... problems

In general, it's better for us to fail to pass credentials to the Nix daemon
than it is for the Nix daemon to fail to start up entirely.

We will restart the daemon once the secrets have been delivered anyway.
This commit is contained in:
Luke Granger-Brown 2022-03-20 10:00:17 +00:00
parent c9ffb4ed3e
commit 829d179d37

View file

@ -283,7 +283,8 @@ in
group = "root"; group = "root";
reloadOrRestartUnits = [ "nix-daemon.service" ]; reloadOrRestartUnits = [ "nix-daemon.service" ];
}; };
systemd.services.nix-daemon.serviceConfig.EnvironmentFile = config.my.vault.secrets.nix-daemon.path; # - prefix to make the file existing optional.
systemd.services.nix-daemon.serviceConfig.EnvironmentFile = "-${config.my.vault.secrets.nix-daemon.path}";
services.fwupd.enable = true; services.fwupd.enable = true;