| -rw-r--r-- | modules/certspotter.nix | 11 |
1 files changed, 10 insertions, 1 deletions
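--- a/modules/certspotter.nix
+++ b/modules/certspotter.nix
@@ -5,9 +5,19 @@ with lib;
 let
 cfg = config.services.certspotter;
 
+script = pkgs.writeShellApplication {
+name = "certspotter-script";
+runtimeInputs = with pkgs; [ coreutils ];
+text = ''
+mkdir -p "''${LOGS_DIRECTORY}"
+env > $(mktemp -p "''${LOGS_DIRECTORY}" $(date -Ins).XXXXXXXXXX.env)
+'';
+};
+
 startOptions = cfg.extraOptions
 ++ optionals (cfg.logs != null) ["-logs" cfg.logs]
 ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList))
+"-script" "${script}/bin/certspotter-script"
 ];
 in {
 options = {
@@ -39,7 +49,6 @@ in {
 ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}";
 StateDirectory = "certspotter";
 LogsDirectory = "certspotter";
-StandardOutput = "append:$LOGS_DIRECTORY/certspotter.log";
 DynamicUser = true;
 };
 };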
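Review bot: The hook script's `env > $(mktemp …)` line writes the entire process environment to a fresh file in the logs directory on every invocation, with no rotation or size bound, which reads like debugging scaffolding rather than a notification handler. If it is meant to stay, record only the variables the handler needs instead of all of `env`, and quote both substitutions, e.g. `env > "$(mktemp -p "''${LOGS_DIRECTORY}" "$(date -Ins).XXXXXXXXXX.env")"`; writeShellApplication runs shellcheck at build time and may reject the unquoted form. mktemp creates each file owner-only, but the directory itself keeps the default LogsDirectory mode, so `LogsDirectoryMode = "0750";` in the service config would keep other local users from listing it. The second hunk also removes `StandardOutput`, so certspotter's own output presumably goes to the journal now; a short comment next to `LogsDirectory` saying what the directory now holds would help.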
