lifecycle: stop before update for boot-style apply (mara@#372)

2026-05-24 13:15:26 +02:00 · 2026-05-24 13:15:26 +02:00 · 14b79f43cf
commit 14b79f43cf
parent bc872fffb9
1 changed files with 18 additions and 12 deletions
--- a/hive-c0re/src/lifecycle.rs
+++ b/hive-c0re/src/lifecycle.rs
@ -337,24 +337,30 @@ pub async fn rebuild_no_meta(
    let flake_ref = format!("{}#{name}", crate::meta::meta_dir().display());
    if container_exists(name).await {
        // Existing container: preserve the prior running state across
-        // rebuild (closes #371). `nixos-container update` itself is
-        // already state-preserving — its only side effect on the running
-        // unit is a `systemctl reload container@<c>` gated on
-        // `isContainerRunning`, so a stopped container stays stopped
-        // after the build + profile bump. We only need to recycle the
-        // outer unit when the container was running, so that any
-        // changes to `/etc/nixos-containers/<c>.conf` (EXTRA_NSPAWN_FLAGS)
-        // or our systemd drop-ins (resource limits, stale-mount
-        // cleanup) are re-read by the next nspawn invocation. If a
-        // racing operator action started the container during the
-        // rebuild, that's their intent — don't override.
+        // rebuild (closes #371) and apply both the new system profile
+        // AND any `/etc/nixos-containers/<c>.conf` / drop-in changes
+        // in a single start rather than `update`'s reload-then-outer-
+        // restart double-bounce.
+        //
+        // `nixos-container update` only runs `systemctl reload
+        // container@<c>` when the container is up (per the
+        // `isContainerRunning` check in nixos-container.pl), so
+        // stopping first makes `update` boot-style: build + nix-env
+        // --set the new profile, skip the in-container
+        // switch-to-configuration, let the next `start` apply both
+        // the new profile and the new EXTRA_NSPAWN_FLAGS in one go.
+        // If the container was already stopped, `update` builds + sets
+        // the profile and we leave it stopped.
        let was_running = is_running(name).await;
        set_nspawn_flags(&container, agent_dir, claude_dir, notes_dir)?;
        set_resource_limits(&container)?;
        systemd_daemon_reload().await?;
+        if was_running {
+            run(&["stop", &container]).await?;
+        }
        run(&["update", &container, "--flake", &flake_ref]).await?;
        if was_running {
-            run(&["restart", &container]).await
+            run(&["start", &container]).await
        } else {
            Ok(())
        }