Unverified Commit e30469a3 authored by John Soo's avatar John Soo
Browse files

nixos/minio: activate/restart service on credentials path changes 

Otherwise the `minio.service` service will fail either:

* with a message that the EnvironmentFile does not exist
* or silently with potentially stale credentials
parent 7f85002e

nixos/modules/services/web-servers/minio.nix

+52 −23
Original line number Diff line number Diff line
@@ -96,11 +96,12 @@ in 
  config = mkIf cfg.enable {

    warnings = optional ((cfg.accessKey != "") || (cfg.secretKey != "")) "services.minio.`accessKey` and services.minio.`secretKey` are deprecated, please use services.minio.`rootCredentialsFile` instead.";



    systemd.tmpfiles.rules = [

    systemd = lib.mkMerge [{

      tmpfiles.rules = [

        "d '${cfg.configDir}' - minio minio - -"

      ] ++ (map (x: "d '" + x + "' - minio minio - - ") cfg.dataDir);



    systemd.services.minio = {

      services.minio = {

        description = "Minio Object Storage";

        after = [ "network-online.target" ];

        wantedBy = [ "multi-user.target" ];
@@ -120,6 +121,34 @@ in 
          MINIO_BROWSER = "${if cfg.browser then "on" else "off"}";

        };

      };

    }



      (lib.mkIf (cfg.rootCredentialsFile != null) {

        services.minio.unitConfig.ConditionPathExists = cfg.rootCredentialsFile;



        paths.minio-root-credentials = {

          wantedBy = [ "multi-user.target" ];



          pathConfig = {

            PathChanged = [ cfg.rootCredentialsFile ];

            Unit = "minio-restart.service";

          };

        };



        services.minio-restart = {

          description = "Restart MinIO";



          script = ''

            systemctl restart minio.service

          '';



          serviceConfig = {

            Type = "oneshot";

            Restart = "on-failure";

            RestartSec = 5;

          };

        };

      })];



    users.users.minio = {

      group = "minio";