try multiple ternary option for arrow workflow

and see if remainafterexit fixes one of the issues

.github/workflows/arrow.yml

@@ -1,5 +1,7 @@
 name: Arrow
 
+run-name: Arrow - ${{ inputs.rebuild && 'Rebuild and ' || '' }}${{ inputs.action == 'create' && 'Create' || ( ${{ inputs.action == 'destroy' && 'Destroy' || 'No Action' ) }}
+
 env:
   TERRAFORM_DIRECTORY: hosts/arrow
   DEPLOY_IDENTITY_BASE64: ${{ secrets.DEPLOY_IDENTITY_BASE64 }}
@@ -24,6 +26,7 @@ on:
         options:
           - create
           - destroy
+          - nothing
 
 jobs:
   build-deploy:

modules/nixos/gaming/default.nix

@@ -3,7 +3,6 @@
   imports = [
     ./chiaki.nix
     ./dwarf-fortress.nix
-    ./leagueoflegends.nix
     ./legendary.nix
     ./lutris.nix
     ./minecraft-server.nix

modules/nixos/gaming/leagueoflegends.nix

@@ -1,32 +0,0 @@
-{ config, pkgs, lib, ... }: {
-
-  options.gaming.leagueoflegends.enable =
-    lib.mkEnableOption "League of Legends";
-
-  config =
-    lib.mkIf (config.gaming.leagueoflegends.enable && pkgs.stdenv.isLinux) {
-
-      # League of Legends anti-cheat requirement
-      boot.kernel.sysctl = { "abi.vsyscall32" = 0; };
-
-      environment.systemPackages = with pkgs; [
-
-        # Lutris requirement to install the game
-        lutris
-        amdvlk
-        wineWowPackages.stable
-        # vulkan-tools
-
-        # Required according to https://lutris.net/games/league-of-legends/
-        openssl
-        gnome.zenity
-
-        # Don't remember if this is required
-        dconf
-
-      ];
-
-      environment.sessionVariables = { QT_X11_NO_MITSHM = "1"; };
-
-    };
-}

modules/nixos/services/cloudflare.nix

@@ -98,52 +98,56 @@ in {
     services.transmission.settings.rpc-whitelist =
       builtins.concatStringsSep "," ([ "127.0.0.1" ] ++ cloudflareIpRanges);
 
-    services.cloudflare-dyndns = {
-      enable = true;
-      proxied = true;
-      deleteMissing = true;
-      apiTokenFile = config.secrets.cloudflare-api.dest;
-    };
+    services.cloudflare-dyndns = lib.mkIf
+      ((builtins.length config.services.cloudflare-dyndns.domains) > 0) {
+        enable = true;
+        proxied = true;
+        deleteMissing = true;
+        apiTokenFile = config.secrets.cloudflare-api.dest;
+      };
 
-    # Wait for secret to exist
-    systemd.services.cloudflare-dyndns = {
-      after = [ "cloudflare-api-secret.service" ];
-      requires = [ "cloudflare-api-secret.service" ];
-    };
+    # Wait for secret to exist to start
+    systemd.services.cloudflare-dyndns =
+      lib.mkIf config.services.cloudflare-dyndns.enable {
+        after = [ "cloudflare-api-secret.service" ];
+        requires = [ "cloudflare-api-secret.service" ];
+      };
 
     # Run a second copy of dyn-dns for non-proxied domains
     # Adapted from: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/networking/cloudflare-dyndns.nix
-    systemd.services.cloudflare-dyndns-noproxy = {
-      description = "CloudFlare Dynamic DNS Client (no proxy)";
-      after = [ "network.target" "cloudflare-api-secret.service" ];
-      requires = [ "cloudflare-api-secret.service" ];
-      wantedBy = [ "multi-user.target" ];
-      startAt = "*:0/5";
+    systemd.services.cloudflare-dyndns-noproxy =
+      lib.mkIf ((builtins.length config.cloudflare.noProxyDomains) > 0) {
+        description = "CloudFlare Dynamic DNS Client (no proxy)";
+        after = [ "network.target" "cloudflare-api-secret.service" ];
+        requires = [ "cloudflare-api-secret.service" ];
+        wantedBy = [ "multi-user.target" ];
+        startAt = "*:0/5";
 
-      environment = {
-        CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
-      };
+        environment = {
+          CLOUDFLARE_DOMAINS = toString config.cloudflare.noProxyDomains;
+        };
 
-      serviceConfig = {
-        Type = "simple";
-        DynamicUser = true;
-        StateDirectory = "cloudflare-dyndns-noproxy";
-        EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
-        ExecStart = let
-          args = [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
-            ++ (if config.services.cloudflare-dyndns.ipv4 then
-              [ "-4" ]
-            else
-              [ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
-                [ "-6" ]
+        serviceConfig = {
+          Type = "simple";
+          DynamicUser = true;
+          StateDirectory = "cloudflare-dyndns-noproxy";
+          EnvironmentFile = config.services.cloudflare-dyndns.apiTokenFile;
+          ExecStart = let
+            args =
+              [ "--cache-file /var/lib/cloudflare-dyndns-noproxy/ip.cache" ]
+              ++ (if config.services.cloudflare-dyndns.ipv4 then
+                [ "-4" ]
               else
-                [ "-no-6" ])
-            ++ lib.optional config.services.cloudflare-dyndns.deleteMissing
-            "--delete-missing";
+                [ "-no-4" ]) ++ (if config.services.cloudflare-dyndns.ipv6 then
+                  [ "-6" ]
+                else
+                  [ "-no-6" ])
+              ++ lib.optional config.services.cloudflare-dyndns.deleteMissing
+              "--delete-missing";
 
-        in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
+          in "${pkgs.cloudflare-dyndns}/bin/cloudflare-dyndns ${toString args}";
+        };
       };
-    };
 
   };
 }

modules/nixos/services/identity.nix

@@ -4,7 +4,10 @@
   systemd.services.wait-for-identity = {
     description = "Wait until identity file exists on the machine";
     wantedBy = [ "multi-user.target" ];
-    serviceConfig = { Type = "oneshot"; };
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
     script = ''
       for i in $(seq 1 10); do
           if [ -f ${config.identityFile} ]; then

modules/nixos/services/secrets.nix

@@ -68,7 +68,8 @@
 
         description = "Decrypt secret for ${name}";
         wantedBy = [ "multi-user.target" ];
-        requires = [ "wait-for-identity.service" ];
+        bindsTo = [ "wait-for-identity.service" ];
+        after = [ "wait-for-identity.service" ];
         serviceConfig.Type = "oneshot";
         script = ''
           echo "${attrs.prefix}$(

modules/nixos/services/transmission.nix

@@ -40,15 +40,15 @@
     };
 
     # Create reverse proxy for web UI
-    caddy.routes = lib.mkAfter [{
-      group =
-        if (config.hostnames.download == config.hostnames.transmission) then
-          "download"
-        else
-          "transmission";
+    caddy.routes = let
+      # Set if the download domain is the same as the Transmission domain
+      useDownloadDomain = config.hostnames.download
+        == config.hostnames.transmission;
+    in lib.mkAfter [{
+      group = if useDownloadDomain then "download" else "transmission";
       match = [{
         host = [ config.hostnames.transmission ];
-        path = [ "/transmission*" ];
+        path = if useDownloadDomain then [ "/transmission*" ] else null;
       }];
       handle = [{
         handler = "reverse_proxy";