m1cr0man
commented
1 year ago Sorry I didn't have time to do a good answer today. I'll try get some testing done as soon as possible. A couple of key points pending further explanation:
- the reload service predates reloadServices by about a year
- the amount of service relations and in particular the ConditionPathExists prevent startup issues during config changes, and the test suite is designed to cover a lot of these
- a similar service exists for Httpd for the same reason
- Check out the history on #91121 for some insight and in particular the restructuring commit message.
I will say I appreciate the criticalness on the design and it may be possible to simplify now but there are so many edge cases wrt cert reloading that I'll have to be super careful not to forget any of them if it's removed in favour of reload services. Off the top of my head, config switching (as in nixos-rebuild) is definitely one big problem to solve for.
Why is Nginx reloaded every time
acme-example.com.serviceruns (daily on my system × number of certs), as opposed to when the certificate is actually renewed?In other words, why do we need this impenetrable pile of code instead of just
reloadServices = [ "nginx.service" ];a couple lines below?cc @NixOS/acme