another try to fix some scripts

modules/headscale-auth.nix

@@ -58,13 +58,13 @@ with lib;
             HEADSCALE_CLI_ADDRESS = "wg.ataraxiadev.com:443";
           };
           script = ''
+            while true; do
               auth_key=$(headscale preauthkeys create -e ${cfg.expire} -u ${cfg.user} -o json ${optionalString cfg.ephemeral "--ephemeral"} | jq -r .key)
-            if [ "$auth_key" = "null" ]; then
+              [[ "$auth_key" = "null" ]] || break
-              echo "Cannot retrieve auth key." >&2
+              echo "Cannot retrieve auth key. Will try again after 5 seconds." >&2
-              exit 1
+              sleep 5
-            else
+            done
             echo $auth_key > "${cfg.outPath}"
-            fi
           '';
           serviceConfig = {
             EnvironmentFile = config.sops.secrets.headscale-api-env.path;

profiles/servers/vault.nix

@@ -24,10 +24,16 @@ in {
     wantedBy = [ "multi-user.target" ];
     partOf = [ "vault.service" ];
     after = [ "vault.service" ];
-    path = [ pkgs.curl ];
+    path = [ pkgs.curl pkgs.jq ];
     script = ''
-      set -aeuo pipefail
+      set -a
       source ${config.sops.secrets.vault-keys-env.path}
+      while true; do
+        initialized=$(curl -s ${api-addr}/v1/sys/health | jq -r '.initialized')
+        [[ "$initialized" = "true" ]] && break
+        echo "Vault has not been initialized yet. Will try again after 5 seconds." >&2
+        sleep 5
+      done
       curl -H "Content-Type: application/json" --data "{\"key\":\"$VAULT_KEY1\"}" ${api-addr}/v1/sys/unseal >/dev/null 2>&1
       curl -H "Content-Type: application/json" --data "{\"key\":\"$VAULT_KEY2\"}" ${api-addr}/v1/sys/unseal >/dev/null 2>&1
       curl -H "Content-Type: application/json" --data "{\"key\":\"$VAULT_KEY3\"}" ${api-addr}/v1/sys/unseal >/dev/null 2>&1