feat(sops-nix): use restartUnits

2025-12-07 16:34:21 +08:00
parent 010789965a
commit 90b85963cd
10 changed files with 22 additions and 5 deletions
--- a/config/hosts/imxyy-nix-server/build.nix
+++ b/config/hosts/imxyy-nix-server/build.nix
@@ -7,6 +7,7 @@
 {
  sops.secrets.et-imxyy-nix-server-nixremote = {
    sopsFile = secrets.et-imxyy-nix-server-nixremote;
+    restartUnits = [ "easytier-nixremote.service" ];
    format = "binary";
  };
  environment.systemPackages = [ pkgs.easytier ];
--- a/config/hosts/imxyy-nix-server/efl.nix
+++ b/config/hosts/imxyy-nix-server/efl.nix
@@ -2,6 +2,7 @@
 {
  sops.secrets.efl-tuwunel-env = {
    sopsFile = secrets.efl-tuwunel;
+    restartUnits = [ "podman-tuwunel.service" ];
    format = "dotenv";
  };
  virtualisation.oci-containers.containers = {
--- a/config/hosts/imxyy-nix-server/matrix.nix
+++ b/config/hosts/imxyy-nix-server/matrix.nix
@@ -9,12 +9,14 @@
  ];
  sops.secrets.tuwunel-reg-token = {
    sopsFile = secrets.tuwunel-reg-token;
+    restartUnits = [ "tuwunel.service" ];
    format = "binary";
    owner = config.services.matrix-tuwunel.user;
    group = config.services.matrix-tuwunel.group;
  };
  sops.secrets.tuwunel-turn-secret = {
    sopsFile = secrets.tuwunel-turn-secret;
+    restartUnits = [ "tuwunel.service" ];
    format = "binary";
    owner = config.services.matrix-tuwunel.user;
    group = config.services.matrix-tuwunel.group;
@@ -68,6 +70,7 @@

  sops.secrets.mautrix-telegram = {
    sopsFile = secrets.mautrix-telegram;
+    restartUnits = [ "mautrix-telegram.service" ];
    format = "dotenv";
    owner = "mautrix-telegram";
    group = "mautrix-telegram";
--- a/config/hosts/imxyy-nix-server/minio.nix
+++ b/config/hosts/imxyy-nix-server/minio.nix
@@ -2,6 +2,7 @@
 {
  sops.secrets.minio-env = {
    sopsFile = secrets.minio;
+    restartUnits = [ "minio.service" ];
    format = "dotenv";
  };
  services.minio = {
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -142,6 +142,7 @@

  sops.secrets.dae-imxyy-nix-server = {
    sopsFile = secrets.dae-imxyy-nix-server;
+    restartUnits = [ "dae.service" ];
    format = "binary";
  };
  services.dae = {
@@ -154,6 +155,7 @@
  };
  sops.secrets.mihomo = {
    sopsFile = secrets.mihomo;
+    restartUnits = [ "mihomo.service" ];
    format = "yaml";
    key = "";
  };
@@ -166,6 +168,7 @@

  sops.secrets.frp-env = {
    sopsFile = secrets.frp;
+    restartUnits = [ "frp.service" ];
    format = "dotenv";
  };
  systemd.services.frp.serviceConfig.EnvironmentFile = [
@@ -429,6 +432,7 @@

  sops.secrets.et-imxyy-nix-server = {
    sopsFile = secrets.et-imxyy-nix-server;
+    restartUnits = [ "easytier.service" ];
    format = "binary";
  };
  environment.systemPackages = [ pkgs.easytier ];
--- a/config/hosts/imxyy-nix-server/note.nix
+++ b/config/hosts/imxyy-nix-server/note.nix
@@ -4,11 +4,10 @@
  ...
 }:
 {
-  sops.secrets = {
-    siyuan-env = {
-      sopsFile = secrets.siyuan;
-      format = "dotenv";
-    };
+  sops.secrets.siyuan-env = {
+    sopsFile = secrets.siyuan;
+    restartUnits = [ "siyuan.service" ];
+    format = "dotenv";
  };
  virtualisation.oci-containers.containers = {
    siyuan = {
--- a/config/hosts/imxyy-nix-server/rss.nix
+++ b/config/hosts/imxyy-nix-server/rss.nix
@@ -5,6 +5,7 @@ in
 {
  sops.secrets.rsshub-env = {
    sopsFile = secrets.rsshub;
+    restartUnits = [ "podman-rsshub.service" ];
    format = "dotenv";
  };
  users.users.rsshub = {
--- a/config/hosts/imxyy-nix-server/vault.nix
+++ b/config/hosts/imxyy-nix-server/vault.nix
@@ -2,6 +2,7 @@
 {
  sops.secrets.vaultwarden-env = {
    sopsFile = secrets.vaultwarden;
+    restartUnits = [ "vaultwarden.service" ];
    format = "dotenv";
  };
  services.postgresql.ensureUsers = [