From 14b79f43cfa787fda9ea1f3830de5f7c547487e1 Mon Sep 17 00:00:00 2001
From: damocles <damocles@hyperhive>
Date: Sun, 24 May 2026 13:15:26 +0200
Subject: [PATCH] lifecycle: stop before update for boot-style apply
 (mara@#372)

---
 hive-c0re/src/lifecycle.rs | 30 ++++++++++++++++++------------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/hive-c0re/src/lifecycle.rs b/hive-c0re/src/lifecycle.rs
index 2f6b622..cb12cb5 100644
--- a/hive-c0re/src/lifecycle.rs
+++ b/hive-c0re/src/lifecycle.rs
@@ -337,24 +337,30 @@ pub async fn rebuild_no_meta(
     let flake_ref = format!("{}#{name}", crate::meta::meta_dir().display());
     if container_exists(name).await {
         // Existing container: preserve the prior running state across
-        // rebuild (closes #371). `nixos-container update` itself is
-        // already state-preserving — its only side effect on the running
-        // unit is a `systemctl reload container@<c>` gated on
-        // `isContainerRunning`, so a stopped container stays stopped
-        // after the build + profile bump. We only need to recycle the
-        // outer unit when the container was running, so that any
-        // changes to `/etc/nixos-containers/<c>.conf` (EXTRA_NSPAWN_FLAGS)
-        // or our systemd drop-ins (resource limits, stale-mount
-        // cleanup) are re-read by the next nspawn invocation. If a
-        // racing operator action started the container during the
-        // rebuild, that's their intent — don't override.
+        // rebuild (closes #371) and apply both the new system profile
+        // AND any `/etc/nixos-containers/<c>.conf` / drop-in changes
+        // in a single start rather than `update`'s reload-then-outer-
+        // restart double-bounce.
+        //
+        // `nixos-container update` only runs `systemctl reload
+        // container@<c>` when the container is up (per the
+        // `isContainerRunning` check in nixos-container.pl), so
+        // stopping first makes `update` boot-style: build + nix-env
+        // --set the new profile, skip the in-container
+        // switch-to-configuration, let the next `start` apply both
+        // the new profile and the new EXTRA_NSPAWN_FLAGS in one go.
+        // If the container was already stopped, `update` builds + sets
+        // the profile and we leave it stopped.
         let was_running = is_running(name).await;
         set_nspawn_flags(&container, agent_dir, claude_dir, notes_dir)?;
         set_resource_limits(&container)?;
         systemd_daemon_reload().await?;
+        if was_running {
+            run(&["stop", &container]).await?;
+        }
         run(&["update", &container, "--flake", &flake_ref]).await?;
         if was_running {
-            run(&["restart", &container]).await
+            run(&["start", &container]).await
         } else {
             Ok(())
         }