nixos/duosec: ensure correct ordering w.r.t. shutdown.target

author: Philip Taron <philip.taron@gmail.com> 2023-11-30 15:02:51 -0800
committer: Philip Taron <philip.taron@gmail.com> 2023-11-30 15:02:51 -0800
commit: d7ab46ed87ca8385e80ddff6138145baeacf033f (patch)
tree: 0ba7dc1cbe8182b7454a191ffcfa034315529bff /nixos/modules/security
parent: 407ef67228d2a1206e40a6978e5cb8a41ebb290f (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/security/duosec.nix b/nixos/modules/security/duosec.nix
index 2a855a77e3a39..ef76bfeb6d66a 100644
--- a/nixos/modules/security/duosec.nix
+++ b/nixos/modules/security/duosec.nix
@@ -195,7 +195,8 @@ in
 
     systemd.services.login-duo = lib.mkIf cfg.ssh.enable {
       wantedBy = [ "sysinit.target" ];
-      before = [ "sysinit.target" ];
+      before = [ "sysinit.target" "shutdown.target" ];
+      conflicts = [ "shutdown.target" ];
       unitConfig.DefaultDependencies = false;
       script = ''
         if test -f "${cfg.secretKeyFile}"; then
@@ -216,7 +217,8 @@ in
 
     systemd.services.pam-duo = lib.mkIf cfg.ssh.enable {
       wantedBy = [ "sysinit.target" ];
-      before = [ "sysinit.target" ];
+      before = [ "sysinit.target" "shutdown.target" ];
+      conflicts = [ "shutdown.target" ];
       unitConfig.DefaultDependencies = false;
       script = ''
         if test -f "${cfg.secretKeyFile}"; then
author	Philip Taron <philip.taron@gmail.com>	2023-11-30 15:02:51 -0800
committer	Philip Taron <philip.taron@gmail.com>	2023-11-30 15:02:51 -0800
commit	d7ab46ed87ca8385e80ddff6138145baeacf033f (patch)
tree	0ba7dc1cbe8182b7454a191ffcfa034315529bff /nixos/modules/security
parent	407ef67228d2a1206e40a6978e5cb8a41ebb290f (diff)