From db6154c1c513b538d2b7ab10fba990a7f954a4f0 Mon Sep 17 00:00:00 2001
From: aitbc
Date: Wed, 29 Apr 2026 10:09:49 +0200
Subject: [PATCH] Add boot-time secrets loading service to prevent service failures after reboot

- Add aitbc-load-secrets.service to load /run/aitbc/secrets/.env at boot
- Add aitbc-secrets.conf tmpfiles.d config to create secrets directory
- Update link-systemd.sh to deploy tmpfiles.d configurations
- Fixes issue where services fail with 'Failed to load environment files' after reboot
---
 scripts/config/aitbc-secrets.conf | 4 ++++
 scripts/utils/link-systemd.sh | 24 ++++++++++++++++++++++++
 systemd/aitbc-load-secrets.service | 12 ++++++++++++
 3 files changed, 40 insertions(+)
 create mode 100644 scripts/config/aitbc-secrets.conf
 create mode 100644 systemd/aitbc-load-secrets.service
diff --git a/scripts/config/aitbc-secrets.conf b/scripts/config/aitbc-secrets.conf
new file mode 100644
index 00000000..f4252a1b
--- /dev/null
+++ b/scripts/config/aitbc-secrets.conf
@@ -0,0 +1,4 @@
+# Create runtime directory for AITBC secrets at boot
+# This directory is in tmpfs (/run) and gets cleared on reboot
+# Deployed to /etc/tmpfiles.d/ by setup scripts
+d /run/aitbc/secrets 0700 root root -
diff --git a/scripts/utils/link-systemd.sh b/scripts/utils/link-systemd.sh
index e9bf0dbd..c9dfc924 100755
--- a/scripts/utils/link-systemd.sh
+++ b/scripts/utils/link-systemd.sh
@@ -8,10 +8,14 @@ REPO_SYSTEMD_DIR="/opt/aitbc/systemd"
 ACTIVE_SYSTEMD_DIR="/etc/systemd/system"
+REPO_CONFIG_DIR="/opt/aitbc/scripts/config"
+ACTIVE_TMPFILES_DIR="/etc/tmpfiles.d"
 echo "=== AITBC SYSTEMD LINKING ==="
 echo "Repository: $REPO_SYSTEMD_DIR"
 echo "Active: $ACTIVE_SYSTEMD_DIR"
+echo "Config: $REPO_CONFIG_DIR"
+echo "Tmpfiles: $ACTIVE_TMPFILES_DIR"
 echo
 # Check if running as root
@@ -97,6 +101,26 @@ else
 echo " âš ī¸ Systemd daemon reload failed, but continuing..."
 fi
+echo
+echo "📁 Deploying tmpfiles.d configurations..."
+if [[ -d "$REPO_CONFIG_DIR" ]]; then
+ for file in "$REPO_CONFIG_DIR"/*.conf; do
+ if [[ -f "$file" ]]; then
+ filename=$(basename "$file")
+ target="$ACTIVE_TMPFILES_DIR/$filename"
+ echo " 📋 Deploying: $filename -> $target"
+ if cp "$file" "$target" 2>/dev/null; then
+ echo " ✅ Successfully deployed: $filename"
+ else
+ echo " ❌ Failed to deploy: $filename"
+ ((error_count++))
+ fi
+ fi
+ done
+else
+ echo " â„šī¸ Config directory not found: $REPO_CONFIG_DIR (skipping tmpfiles.d deployment)"
+fi
+ echo
 echo "✅ Systemd linking completed!"
 echo
diff --git a/systemd/aitbc-load-secrets.service b/systemd/aitbc-load-secrets.service
new file mode 100644
index 00000000..80f3b342
--- /dev/null
+++ b/systemd/aitbc-load-secrets.service
@@ -0,0 +1,12 @@
+[Unit]
+Description=Load AITBC secrets at boot
+Before=aitbc-blockchain-rpc.service aitbc-coordinator-api.service aitbc-wallet.service aitbc-agent-coordinator.service
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/opt/aitbc/scripts/utils/load-keystore-secrets.sh
+RemainAfterExit=yes
+
+[Install]
+WantedBy=multi-user.target
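Review bot: The deploy loop installs every `*.conf` under `$REPO_CONFIG_DIR` into `/etc/tmpfiles.d` with a plain `cp`, so any unrelated `.conf` that later lands in `scripts/config` becomes a tmpfiles rule applied as root at boot, and the installed file takes its mode from the repository copy (subject to umask). Copying only the tmpfiles rules (a dedicated subdirectory or an explicit list) with `install -o root -g root -m 0644 -- "$file" "$target"` would pin ownership and mode. Nothing applies the rule after the copy, so `/run/aitbc/secrets` does not exist until the next boot; `systemd-tmpfiles --create "$target"` after a successful copy would create it immediately. The `2>/dev/null` on `cp` also hides the reason for a failed deployment, and `error_count` is defined outside this hunk, so whether `((error_count++))` is safe under the script's shell options cannot be confirmed from here.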
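Review bot: `Before=` only orders this unit ahead of the four services; it neither pulls the unit in nor stops them from starting when it fails, so a failed or disabled `aitbc-load-secrets.service` still leaves them starting without the env file. Adding `RequiredBy=aitbc-blockchain-rpc.service aitbc-coordinator-api.service aitbc-wallet.service aitbc-agent-coordinator.service` to `[Install]`, or `Requires=aitbc-load-secrets.service` in those units (which are outside this diff), would make the dependency explicit. The unit also runs a script from `/opt/aitbc` as root with no restrictions; if that tree is writable by a non-root account, it becomes a path to root at boot, so the script and its parent directories should be root-owned and not group- or world-writable. `UMask=0077` in `[Service]` would additionally keep the generated `.env` from being created group- or world-readable, whatever the script itself does.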