From ca8d7cbe30f24e383c703444e08c806cb811ffe8 Mon Sep 17 00:00:00 2001 From: Max Date: Thu, 22 Aug 2024 23:32:01 +0200 Subject: [PATCH] modules/consul-distributed-services: wait for consul-ready.target, use system management token --- modules/consul-distributed-services/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/consul-distributed-services/default.nix b/modules/consul-distributed-services/default.nix index 91d2685..32d8ef6 100644 --- a/modules/consul-distributed-services/default.nix +++ b/modules/consul-distributed-services/default.nix @@ -45,14 +45,15 @@ in hasSpecialPrefix = elem (substring 0 1 ExecStart) [ "@" "-" ":" "+" "!" ]; in assert !hasSpecialPrefix; pkgs.writeTextDir "etc/systemd/system/${n}.service.d/distributed.conf" '' [Unit] - Requires=consul-ready.service - After=consul-ready.service + Requires=consul-ready.target + After=consul-ready.target [Service] ExecStartPre=${waitForConsul} 'services/${n}%i' ExecStart= ExecStart=${consul}/bin/consul lock --name=${n} --n=${toString cfg.replicas} --shell=false --child-exit-code 'services/${n}%i' ${optionalString (cfg.registerServices != []) runWithRegistration} ${ExecStart} Environment="CONSUL_HTTP_ADDR=${consulHttpAddr}" + Environment="CONSUL_HTTP_TOKEN_FILE=/run/locksmith/consul-systemManagementToken" ${optionalString (v.serviceConfig ? RestrictAddressFamilies) "RestrictAddressFamilies=AF_NETLINK"} ${optionalString (cfg.registerServices != []) (lib.concatStringsSep "\n" (map (svc: "ExecStopPost=${svc.commands.deregister}") svcs))} ''))