From 7962df46febf67976dadf6ecf9acc033804580bd Mon Sep 17 00:00:00 2001
From: rnhmjoj <rnhmjoj@inventati.org>
Date: Thu, 11 Mar 2021 08:02:09 +0100
Subject: nixos/privoxy: make certificate-directory optional

The tmpfiles.d rule should only be added if inspectHttps is enabled.
---
 nixos/modules/services/networking/privoxy.nix | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to 'nixos/modules/services/networking/privoxy.nix')

diff --git a/nixos/modules/services/networking/privoxy.nix b/nixos/modules/services/networking/privoxy.nix
index f1a9c6029cb..7c22b7d09b9 100644
--- a/nixos/modules/services/networking/privoxy.nix
+++ b/nixos/modules/services/networking/privoxy.nix
@@ -205,9 +205,8 @@ in
 
     users.groups.privoxy = {};
 
-    systemd.tmpfiles.rules = with cfg.settings; [
-      "d ${certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}"
-    ];
+    systemd.tmpfiles.rules = optional cfg.inspectHttps
+      "d ${cfg.settings.certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}";
 
     systemd.services.privoxy = {
       description = "Filtering web proxy";
-- 
cgit 1.4.1