From eee255ff2ffd90477889740a56ee75cf7020886e Mon Sep 17 00:00:00 2001
From: Maximilian Bosch <maximilian@mbosch.me>
Date: Sun, 25 Jan 2026 14:49:58 +0100
Subject: [PATCH] module: wait for postgresql.target

This is needed since 25.11 because the target is what makes sure that
PostgreSQL is not only up, but also in rw-mode (and ensure* being
applied).

Also adding this to `authentik-worker` to prevent situations where
postgresql.service stops before the worker on reboot and the worker
blocks shutdown while trying to reconnect to the database[1].

[1] https://github.com/nix-community/authentik-nix/pull/86#issuecomment-3794325343
---
 module.nix | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/module.nix b/module.nix
index e02a2b2..5b56611 100644
--- a/module.nix
+++ b/module.nix
@@ -353,9 +353,9 @@ in
 
         systemd.services = {
           authentik-migrate = {
-            requires = lib.optionals cfg.createDatabase [ "postgresql.service" ];
+            requires = lib.optionals cfg.createDatabase [ "postgresql.target" ];
             wants = [ "network-online.target" ];
-            after = [ "network-online.target" ] ++ lib.optionals cfg.createDatabase [ "postgresql.service" ];
+            after = [ "network-online.target" ] ++ lib.optionals cfg.createDatabase [ "postgresql.target" ];
             before = [ "authentik.service" "authentik-migrate.service" ];
             restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
             environment = mkMerge [
@@ -381,8 +381,9 @@ in
             ];
           };
           authentik-worker = {
+            requires = lib.optionals cfg.createDatabase [ "postgresql.target" ];
             wants = [ "network-online.target" ];
-            after = [ "network-online.target" ];
+            after = [ "network-online.target" ] ++ lib.optionals cfg.createDatabase [ "postgresql.target" ];
             before = [ "authentik.service" ];
             restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
             preStart = ''
@@ -423,7 +424,7 @@ in
             after = [
               "network-online.target"
             ]
-            ++ (lib.optionals cfg.createDatabase [ "postgresql.service" ]);
+            ++ (lib.optionals cfg.createDatabase [ "postgresql.target" ]);
             restartTriggers = [ config.environment.etc."authentik/config.yml".source ];
             preStart = ''
               ln -svf ${cfg.authentikComponents.staticWorkdirDeps}/* /var/lib/authentik/