From 10ce0b3149561d4b84afaf83f78c6d459189a911 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 26 Mar 2022 17:21:38 +0100 Subject: ... --- modules/certspotter.nix | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'modules') diff --git a/modules/certspotter.nix b/modules/certspotter.nix index 4dee0d37..aae6a313 100644 --- a/modules/certspotter.nix +++ b/modules/certspotter.nix @@ -19,6 +19,15 @@ let ++ ["-watchlist" (pkgs.writeText "watchlist" (concatStringsSep "\n" cfg.watchList)) "-script" "${script}/bin/certspotter-script" ]; + + startScript = pkgs.writeShellApplication { + name = "certspotter-start"; + runtimeInputs = [ pkgs.coreutils cfg.package ]; + text = '' + rm -f "''${STATE_DIRECTORY}/lock" + certspotter -state_dir "''${STATE_DIRECTORY}" ${escapeShellArgs startOptions} + ''; + }; in { options = { services.certspotter = { @@ -45,8 +54,7 @@ in { systemd.services.certspotter = { serviceConfig = { Type = "oneshot"; - ExecStartPre = "${pkgs.coreutils}/bin/rm -f $STATE_DIRECTORY/lock"; - ExecStart = "${cfg.package}/bin/certspotter -state_dir $STATE_DIRECTORY ${escapeShellArgs startOptions}"; + ExecStart = "${startScript}/bin/certspotter-start"; StateDirectory = "certspotter"; LogsDirectory = "certspotter"; DynamicUser = true; -- cgit v1.2.3