diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2019-08-24 16:52:17 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2019-08-27 18:55:55 +0200 |
commit | 56a7bc05e1265a2ef964f25a5df2de2f1f776df2 (patch) | |
tree | aaba74560e6102243c2cc8f3ee4130f167f70e16 /nixos/doc/manual/release-notes | |
parent | c09bc3e7e2f29b860bc554e04176953989a5b940 (diff) | |
download | nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.tar nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.tar.gz nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.tar.bz2 nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.tar.lz nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.tar.xz nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.tar.zst nixpkgs-56a7bc05e1265a2ef964f25a5df2de2f1f776df2.zip |
nixos/treewide: drop dependencies to `keys.target`
The `keys.target` is used to indicate whether all NixOps keys were successfully uploaded on an unattended reboot. However this can cause startup issues e.g. with NixOS containers (see #67265) and can block boots even though this might not be needed (e.g. with a dovecot2 instance running that doesn't need any of the NixOps keys). As described in the NixOps manual[1], dependencies to keys should be defined like this now: ``` nix { systemd.services.myservice = { after = [ "secret-key.service" ]; wants = [ "secret-key.service" ]; }; } ``` However I'd leave the issue open until it's discussed whether or not to keep `keys.target` in `nixpkgs`. [1] https://nixos.org/nixops/manual/#idm140737322342384
Diffstat (limited to 'nixos/doc/manual/release-notes')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-1909.xml | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1909.xml b/nixos/doc/manual/release-notes/rl-1909.xml index 6493bb99596..93cc1f2a138 100644 --- a/nixos/doc/manual/release-notes/rl-1909.xml +++ b/nixos/doc/manual/release-notes/rl-1909.xml @@ -291,6 +291,26 @@ configuration while being better type-checked and mergeable. </para> </listitem> + <listitem> + <para> + No service depends on <literal>keys.target</literal> anymore which is a systemd + target that indicates if all <link xlink:href="https://nixos.org/nixops/manual/#idm140737322342384">NixOps keys</link> were successfully uploaded. + Instead, <literal><key-name>-key.service</literal> should be used to define + a dependency of a key in a service. The full issue behind the <literal>keys.target</literal> + dependency is described at <link xlink:href="https://github.com/NixOS/nixpkgs/issues/67265">NixOS/nixpkgs#67265</link>. + </para> + <para> + The following services are affected by this: + <itemizedlist> + <listitem><para><link linkend="opt-services.dovecot2.enable"><literal>services.dovecot2</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.nsd.enable"><literal>services.nsd</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.softether.enable"><literal>services.softether</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.strongswan.enable"><literal>services.strongswan</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.strongswan-swanctl.enable"><literal>services.strongswan-swanctl</literal></link></para></listitem> + <listitem><para><link linkend="opt-services.httpd.enable"><literal>services.httpd</literal></link></para></listitem> + </itemizedlist> + </para> + </listitem> </itemizedlist> </section> |