From 9d9da8c11482f776aa0a531895aa3558bc5cfb34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?=
Date: Fri, 30 Aug 2024 13:29:11 +0200
Subject: [PATCH] retiolum: make updating host keys slightly more atomic

---
 modules/retiolum/default.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/modules/retiolum/default.nix b/modules/retiolum/default.nix
index 3fcff6a..4906023 100644
--- a/modules/retiolum/default.nix
+++ b/modules/retiolum/default.nix
@@ -69,12 +69,14 @@ in {
 
 systemd.services."tinc.${netname}-host-keys" = let
 install-keys = pkgs.writeShellScript "install-keys" ''
+ rm -rf /etc/tinc/${netname}/hosts.tmp
+ mkdir /etc/tinc/${netname}/hosts.tmp
+ cp -R ${hosts}/* /etc/tinc/${netname}/hosts.tmp
+ chown -R tinc-${netname} /etc/tinc/${netname}/hosts.tmp
+ chmod -R u+w /etc/tinc/${netname}/hosts.tmp
+
 rm -rf /etc/tinc/${netname}/hosts
- cp -R ${hosts} /etc/tinc/${netname}/hosts
- # FIXME: drop this once everyone has the new tinc user
- chown -R tinc-${netname} /etc/tinc/${netname}/hosts ||
- chown -R tinc.${netname} /etc/tinc/${netname}/hosts
- chmod -R u+w /etc/tinc/${netname}/hosts
+ mv /etc/tinc/${netname}/hosts{.tmp,}
 '';
 in {
 description = "Install tinc.${netname} host keys";
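Review bot: Nothing in the new `install-keys` script stops it after a failed step, so if `mkdir`, `cp -R ${hosts}/*` or `chown -R tinc-${netname}` fails, the later `rm -rf /etc/tinc/${netname}/hosts` and `mv` still run and can replace the live host keys with an empty, partial or wrongly owned directory. As far as I know `pkgs.writeShellScript` does not enable errexit on its own, so I would make `set -e` the first line of the script (or join the staging commands with `&&`) so that the old `hosts` directory is only removed once staging has fully succeeded. With the `|| chown -R tinc.${netname}` fallback gone, a machine that still lacks the `tinc-${netname}` user looks like the most likely way to hit this. The `let` binding and the service definition continue outside the hunk, so an error policy set elsewhere would not be visible here.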