nebula: avoid restart due to inputs.self
authorJulien Moutinho <julm+julm-nix@sourcephile.fr>
Wed, 17 Apr 2024 15:29:52 +0000 (17:29 +0200)
committerJulien Moutinho <julm+julm-nix@sourcephile.fr>
Wed, 17 Apr 2024 15:43:00 +0000 (17:43 +0200)
share/nebula/sourcephile.fr.nix

index a7c7f4992bdfac534d7f95cec623451d4823d1cb..373dfbfc5c56688c3219d4fee4bd54e5ff7d84d4 100644 (file)
@@ -7,9 +7,12 @@ let
 in
 {
   environment.systemPackages = with pkgs; [ nebula ];
-  systemd.services."nebula@${domain}".serviceConfig.LoadCredentialEncrypted = [
-    "${hostName}.key:${inputs.self + "/hosts/${hostName}/nebula/${hostName}.key.cred"}"
-  ];
+  systemd.services."nebula@${domain}" = {
+    stopIfChanged = false;
+    serviceConfig.LoadCredentialEncrypted = [
+      "${hostName}.key:${inputs.self}/hosts/${hostName}/nebula/${hostName}.key.cred"
+    ];
+  };
   install.target = lib.mkDefault "\"\${NIXOS_TARGET:-root@${config.networking.hostName}.sp}\"";
   networking.hosts = {
     "${IPv4Prefix}.1" = [ "mermet.sp" ];
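Review bot: The new `LoadCredentialEncrypted` entry still interpolates `${inputs.self}`, so the unit text presumably changes whenever anything in the flake source changes; `stopIfChanged = false` only turns the stop/start at activation into one restart, it does not prevent the restart. The `cert` line in the second hunk has the same dependency on the whole source tree. If unrelated commits should leave the tunnel untouched, a path value relative to this file would be copied to the store on its own and change only with the file's contents, e.g. `"${hostName}.key:${../../hosts + "/${hostName}/nebula/${hostName}.key.cred"}"` (assuming `hosts/` sits at the flake root, as the old line suggests). The file would still be the systemd-encrypted blob, so its exposure in the world-readable store is unchanged. A comment above `stopIfChanged` giving the reason, such as `# restart in place on switch; deploys may run over this tunnel`, would help the next reader; that reason is inferred from `install.target` using the `.sp` name, so confirm it.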
@@ -23,7 +26,7 @@ in
   services.nebula.networks.${domain} = {
     enable = true;
     ca = lib.mkDefault (./. + "/${domain}/ca.crt");
-    cert = lib.mkDefault (inputs.self + "/share/nebula/${domain}/${hostName}.crt");
+    cert = lib.mkDefault "${inputs.self}/share/nebula/${domain}/${hostName}.crt";
     key = "/run/credentials/nebula@${domain}.service/${hostName}.key";
     listen.host = lib.mkDefault "0.0.0.0";
     tun.device = lib.mkDefault "neb-sourcephile";