| author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-26 17:21:38 +0100 |
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-26 17:21:38 +0100 |
| commit | 10ce0b3149561d4b84afaf83f78c6d459189a911 (patch) | |
| tree | 6dbf95125727e43be8d930d337bbc08a706823a3 | |
| parent | ad5b32b90a6b79c7f84819f53c5da79fe86128c1 (diff) | |
...
| -rw-r--r-- | modules/certspotter.nix | 12 |
1 files changed, 10 insertions, 2 deletions
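--- a/modules/certspotter.nix
+++ b/modules/certspotter.nix
@@ -19,6 +19,15 @@ let
 ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList))
 "-script" "${script}/bin/certspotter-script"
 ];
+
+startScript = pkgs.writeShellApplication {
+name = "certspotter-start";
+runtimeInputs = [ pkgs.coreutils cfg.package ];
+text = ''
+rm -f "''${STATE_DIRECTORY}/lock"
+certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions}
+'';
+};
 in {
 options = {
 services.certspotter = {
@@ -45,8 +54,7 @@ in {
 systemd.services.certspotter = {
 serviceConfig = {
 Type = "oneshot";
-ExecStartPre = "${pkgs.coreutils}/bin/rm -f $STATE_DIRECTORY/lock";
-ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}";
+ExecStart = "${startScript}/bin/certspotter-start";
 StateDirectory = "certspotter";
 LogsDirectory = "certspotter";
 DynamicUser = true;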
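Review bot: The unconditional `rm -f "''${STATE_DIRECTORY}/lock"` in the new `startScript` carries no comment explaining why clearing certspotter's lock is safe. It appears to rely on systemd starting at most one instance of this oneshot unit, so any other invocation against the same state directory would lose its mutual exclusion. I would add a shell comment above that line, for example `# stale lock left by an interrupted run; systemd runs at most one instance of this unit`. The last script line could also become `exec certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions}` so that no wrapper shell sits between systemd and the monitor and signals reach certspotter directly. The `let` bindings and `serviceConfig` both continue outside the visible hunks, so related settings such as a timer or further hardening options cannot be judged from here.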
