From 5ec7d0120a6d3b0649b60eb32546f96b7f3423bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
Date: Tue, 1 Nov 2022 09:41:58 +0100
Subject: [PATCH] nixos/vault-agent: default to stopIfChanged

---
 nix/modules/vault-agent.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/nix/modules/vault-agent.nix b/nix/modules/vault-agent.nix
index e6fd453..2a39165 100644
--- a/nix/modules/vault-agent.nix
+++ b/nix/modules/vault-agent.nix
@@ -76,6 +76,11 @@ in {
       lib.nameValuePair "vault-agent-${name}" {
         after = ["network.target"];
         wantedBy = ["multi-user.target"];
+
+        # Services that also have `stopIfChanged = false` might wait for secrets
+        # while `vault-agent` is still stopped. This for example happens with nginx.service.
+
+        stopIfChanged = false;
         # Needs getent in PATH
         path = [pkgs.glibc];
         serviceConfig = {