From 6a11b7a77777eeea5f6f7ce062cba5d458a92875 Mon Sep 17 00:00:00 2001
From: Joris Bolsens <joris@jojolabs.com>
Date: Mon, 12 Feb 2024 22:50:27 -0800
Subject: [PATCH] nixos/kubernetes: don't delete the apitoken after its created

This was breaking the nixos-kubernetes-node-join script
the token gets copied, and then immediately overridden with /dev/null when certmgr restarts.
---
 nixos/modules/services/cluster/kubernetes/pki.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/cluster/kubernetes/pki.nix b/nixos/modules/services/cluster/kubernetes/pki.nix
index 9a01238c2391..a4b5cb8eda86 100644
--- a/nixos/modules/services/cluster/kubernetes/pki.nix
+++ b/nixos/modules/services/cluster/kubernetes/pki.nix
@@ -192,7 +192,8 @@ in
         mkdir -p "$(dirname "${certmgrAPITokenPath}")"
         if [ -f "${cfsslAPITokenPath}" ]; then
           ln -fs "${cfsslAPITokenPath}" "${certmgrAPITokenPath}"
-        else
+        elif [ ! -f "${certmgrAPITokenPath}" ]; then
+          # Don't remove the token if it already exists
           install -m 600 /dev/null "${certmgrAPITokenPath}"
         fi
       ''