diff options
Diffstat (limited to 'modules/certspotter.nix')
| -rw-r--r-- | modules/certspotter.nix | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/modules/certspotter.nix b/modules/certspotter.nix index 4dee0d37..aae6a313 100644 --- a/modules/certspotter.nix +++ b/modules/certspotter.nix | |||
| @@ -19,6 +19,15 @@ let | |||
| 19 | ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList)) | 19 | ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList)) |
| 20 | "-script" "${script}/bin/certspotter-script" | 20 | "-script" "${script}/bin/certspotter-script" |
| 21 | ]; | 21 | ]; |
| 22 | |||
| 23 | startScript = pkgs.writeShellApplication { | ||
| 24 | name = "certspotter-start"; | ||
| 25 | runtimeInputs = [ pkgs.coreutils cfg.package ]; | ||
| 26 | text = '' | ||
| 27 | rm -f "''${STATE_DIRECTORY}/lock" | ||
| 28 | certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions} | ||
| 29 | ''; | ||
| 30 | }; | ||
| 22 | in { | 31 | in { |
| 23 | options = { | 32 | options = { |
| 24 | services.certspotter = { | 33 | services.certspotter = { |
| @@ -45,8 +54,7 @@ in { | |||
| 45 | systemd.services.certspotter = { | 54 | systemd.services.certspotter = { |
| 46 | serviceConfig = { | 55 | serviceConfig = { |
| 47 | Type = "oneshot"; | 56 | Type = "oneshot"; |
| 48 | ExecStartPre = "${pkgs.coreutils}/bin/rm -f $STATE_DIRECTORY/lock"; | 57 | ExecStart = "${startScript}/bin/certspotter-start"; |
| 49 | ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}"; | ||
| 50 | StateDirectory = "certspotter"; | 58 | StateDirectory = "certspotter"; |
| 51 | LogsDirectory = "certspotter"; | 59 | LogsDirectory = "certspotter"; |
| 52 | DynamicUser = true; | 60 | DynamicUser = true; |