Diffstat (limited to 'modules/certspotter.nix')
-rw-r--r--modules/certspotter.nix12
1 files changed, 10 insertions, 2 deletions
diff --git a/modules/certspotter.nix b/modules/certspotter.nix
index 4dee0d37..aae6a313 100644
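--- a/modules/certspotter.nix
+++ b/modules/certspotter.nix
@@ -19,6 +19,15 @@ let
  ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList))
  "-script" "${script}/bin/certspotter-script"
  ];
+
+ startScript = pkgs.writeShellApplication {
+ name = "certspotter-start";
+ runtimeInputs = [ pkgs.coreutils cfg.package ];
+ text = ''
+ rm -f "''${STATE_DIRECTORY}/lock"
+ certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions}
+ '';
+ };
 in {
  options = {
  services.certspotter = {
@@ -45,8 +54,7 @@ in {
  systemd.services.certspotter = {
  serviceConfig = {
  Type = "oneshot";
- ExecStartPre = "${pkgs.coreutils}/bin/rm -f $STATE_DIRECTORY/lock";
- ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}";
+ ExecStart = "${startScript}/bin/certspotter-start";
  StateDirectory = "certspotter";
  LogsDirectory = "certspotter";
  DynamicUser = true;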
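Review bot: The unconditional `rm -f "''${STATE_DIRECTORY}/lock"` in `startScript` is carried over from the old ExecStartPre without any explanation, and deleting the lock on every start also removes whatever protection it gave against a second certspotter working on the same state directory. If the intent is only to clear a stale lock left by an interrupted run, a comment above that line should say so, for example `# clear a stale lock from an interrupted run; this oneshot unit is assumed to be the only user of the state directory`. Separately, the last line of the script could be `exec certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions}` so that no shell process is left waiting for the whole run. The `let` block and the `serviceConfig` set both continue outside the visible hunks, so any further hardening options cannot be judged from here.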