-rw-r--r--modules/certspotter.nix11
1 files changed, 10 insertions, 1 deletions
diff --git a/modules/certspotter.nix b/modules/certspotter.nix
index 8d49b9e9..70c28b74 100644
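--- a/modules/certspotter.nix
+++ b/modules/certspotter.nix
@@ -5,9 +5,19 @@ with lib;
 let
 cfg = config.services.certspotter;
 
+script = pkgs.writeShellApplication {
+name = "certspotter-script";
+runtimeInputs = with pkgs; [ coreutils ];
+text = ''
+mkdir -p "''${LOGS_DIRECTORY}"
+env > $(mktemp -p "''${LOGS_DIRECTORY}" $(date -Ins).XXXXXXXXXX.env)
+'';
+};
+
 startOptions = cfg.extraOptions
 ++ optionals (cfg.logs != null) ["-logs" cfg.logs]
 ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList))
+"-script" "${script}/bin/certspotter-script"
 ];
 in {
 options = {
@@ -39,7 +49,6 @@ in {
 ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}";
 StateDirectory = "certspotter";
 LogsDirectory = "certspotter";
-StandardOutput = "append:$LOGS_DIRECTORY/certspotter.log";
 DynamicUser = true;
 };
 };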
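Review bot: The hook script added in the first hunk writes the entire process environment to a fresh file under `$LOGS_DIRECTORY` every time certspotter invokes it, and nothing visible here bounds or prunes those files. Anything the unit later receives through `Environment=` or `EnvironmentFile=` would be persisted with them, so it would be safer to write only the variables the hook actually needs and to add a retention rule (for example a tmpfiles age rule) for the directory. Both command substitutions are also unquoted, which the shellcheck pass run by `writeShellApplication` is likely to flag; `env > "$(mktemp -p "''${LOGS_DIRECTORY}" "$(date -Ins).XXXXXXXXXX.env")"` avoids that. If the dump is a temporary debugging aid, a comment on `script` saying so would help, for example `# debug hook: records the environment certspotter passes to -script`.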