Add ExecStartPre to wait for Zitadel JWT and update flake.lock paths
parent
8b54ce4b37
commit
6dea74a2a8
3 changed files with 31 additions and 11 deletions
|
|
@ -371,8 +371,10 @@ in
|
||||||
"network-online.target"
|
"network-online.target"
|
||||||
"zitadel-mint-jwt.service"
|
"zitadel-mint-jwt.service"
|
||||||
];
|
];
|
||||||
wants = [ "network-online.target" ];
|
wants = [
|
||||||
requires = [ "zitadel-mint-jwt.service" ];
|
"network-online.target"
|
||||||
|
"zitadel-mint-jwt.service"
|
||||||
|
];
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
|
|
@ -382,6 +384,25 @@ in
|
||||||
RestartSec = "30s";
|
RestartSec = "30s";
|
||||||
|
|
||||||
UMask = "0077";
|
UMask = "0077";
|
||||||
|
ExecStartPre = pkgs.writeShellScript "openbao-wait-jwt" ''
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
for i in {1..180}; do
|
||||||
|
if [ -s "${cfg.zitadelJwtPath}" ]; then
|
||||||
|
jwt="$(cat "${cfg.zitadelJwtPath}")"
|
||||||
|
# very cheap sanity check: JWT has at least 2 dots
|
||||||
|
if ${pkgs.gnugrep}/bin/grep -q '\\..*\\.' <<<"$jwt"; then
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
sleep 1
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Missing or invalid Zitadel JWT at ${cfg.zitadelJwtPath}" >&2
|
||||||
|
exit 1
|
||||||
|
'';
|
||||||
|
|
||||||
ExecStart = "${pkgs.openbao}/bin/bao agent -config=${mkAgentConfig}";
|
ExecStart = "${pkgs.openbao}/bin/bao agent -config=${mkAgentConfig}";
|
||||||
};
|
};
|
||||||
};
|
};
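Review bot: The sanity check in the `openbao-wait-jwt` script likely never succeeds: inside a Nix `''…''` string a backslash is not an escape, so grep receives `\\..*\\.` and looks for two literal backslashes, which a JWT never contains. As written the loop would run to its limit and fail the unit even when a good token is present; `if [[ "$jwt" == *.*.* ]]; then` does the intended two-dot check without grep. The loop's 180 s budget also exceeds systemd's default 90 s start timeout, so unless `TimeoutStartSec` is set outside this hunk the script would be killed before its own error message prints. Because `requires` was replaced by `wants`, a non-empty token file left over from an earlier run passes this check even if `zitadel-mint-jwt.service` failed, so consider having the mint unit remove the old file before minting or checking the file's age here. The `serviceConfig` block starts outside the hunk.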
|
||||||
|
|
|
||||||
9
hosts/juni/flake.lock
generated
9
hosts/juni/flake.lock
generated
|
|
@ -1310,15 +1310,14 @@
|
||||||
},
|
},
|
||||||
"secrets-bao": {
|
"secrets-bao": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1767590305,
|
"path": "../../flakes/secrets-bao",
|
||||||
"narHash": "sha256-yXJ0TpPqsKznLn6bHpDpeSzIvL7T1lWxxhZ6cmAjqhQ=",
|
|
||||||
"path": "/home/josh/.config/nixos-config/flakes/secrets-bao",
|
|
||||||
"type": "path"
|
"type": "path"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"path": "/home/josh/.config/nixos-config/flakes/secrets-bao",
|
"path": "../../flakes/secrets-bao",
|
||||||
"type": "path"
|
"type": "path"
|
||||||
}
|
},
|
||||||
|
"parent": []
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"root": "root",
|
"root": "root",
|
||||||
|
|
|
||||||
8
hosts/lio/flake.lock
generated
8
hosts/lio/flake.lock
generated
|
|
@ -64,11 +64,11 @@
|
||||||
"common": {
|
"common": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"dir": "flakes/common",
|
"dir": "flakes/common",
|
||||||
"lastModified": 1767587784,
|
"lastModified": 1767592562,
|
||||||
"narHash": "sha256-xHZwNiDUshkQg1yUu+RFdkFAa8jj0XkAFpZjuUqi0wo=",
|
"narHash": "sha256-MoSZeW3agnrU15NYk6pjfKFbgsXnYoLaOMhsL3zNHD4=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "effa01310bfe91ef7a39a035f021a0dc4e345e58",
|
"rev": "8b54ce4b3799ac48b2093018504eccad2852c0f7",
|
||||||
"revCount": 1042,
|
"revCount": 1050,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
|
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
|
||||||
},
|
},
|
||||||
|
|
|
||||||