diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-26 17:21:38 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-03-26 17:21:38 +0100 |
commit | 10ce0b3149561d4b84afaf83f78c6d459189a911 (patch) | |
tree | 6dbf95125727e43be8d930d337bbc08a706823a3 /modules/certspotter.nix | |
parent | ad5b32b90a6b79c7f84819f53c5da79fe86128c1 (diff) | |
download | nixos-10ce0b3149561d4b84afaf83f78c6d459189a911.tar nixos-10ce0b3149561d4b84afaf83f78c6d459189a911.tar.gz nixos-10ce0b3149561d4b84afaf83f78c6d459189a911.tar.bz2 nixos-10ce0b3149561d4b84afaf83f78c6d459189a911.tar.xz nixos-10ce0b3149561d4b84afaf83f78c6d459189a911.zip |
...
Diffstat (limited to 'modules/certspotter.nix')
-rw-r--r-- | modules/certspotter.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/modules/certspotter.nix b/modules/certspotter.nix index 4dee0d37..aae6a313 100644 --- a/modules/certspotter.nix +++ b/modules/certspotter.nix | |||
@@ -19,6 +19,15 @@ let | |||
19 | ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList)) | 19 | ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList)) |
20 | "-script" "${script}/bin/certspotter-script" | 20 | "-script" "${script}/bin/certspotter-script" |
21 | ]; | 21 | ]; |
22 | |||
23 | startScript = pkgs.writeShellApplication { | ||
24 | name = "certspotter-start"; | ||
25 | runtimeInputs = [ pkgs.coreutils cfg.package ]; | ||
26 | text = '' | ||
27 | rm -f "''${STATE_DIRECTORY}/lock" | ||
28 | certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions} | ||
29 | ''; | ||
30 | }; | ||
22 | in { | 31 | in { |
23 | options = { | 32 | options = { |
24 | services.certspotter = { | 33 | services.certspotter = { |
@@ -45,8 +54,7 @@ in { | |||
45 | systemd.services.certspotter = { | 54 | systemd.services.certspotter = { |
46 | serviceConfig = { | 55 | serviceConfig = { |
47 | Type = "oneshot"; | 56 | Type = "oneshot"; |
48 | ExecStartPre = "${pkgs.coreutils}/bin/rm -f $STATE_DIRECTORY/lock"; | 57 | ExecStart = "${startScript}/bin/certspotter-start"; |
49 | ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}"; | ||
50 | StateDirectory = "certspotter"; | 58 | StateDirectory = "certspotter"; |
51 | LogsDirectory = "certspotter"; | 59 | LogsDirectory = "certspotter"; |
52 | DynamicUser = true; | 60 | DynamicUser = true; |