[Unit]
Description=Restart Vsftpd if a new TLS certificate is available
# Lego touch .renewed files when renewed certificates are available
ConditionPathExistsGlob=/var/lib/quadlets/lego/certificates/*.renewed
After=lego-renew.service

[Service]
Type=oneshot
# Copy the renewed certificates to the vsftpd /run directory
ExecStartPre=/bin/sh -Eeuo pipefail -c 'install -o 10015 -g 10000 -m 0600 -t /run/quadlets/vsftpd/tls /var/lib/quadlets/lego/certificates/*.crt /var/lib/quadlets/lego/certificates/*.key'
# Restart vsftpd to load the new certificates
ExecStart=systemctl --no-block restart vsftpd.service
# Remove the flag files after restarting vsftpd
ExecStartPost=/bin/sh -Eeuo pipefail -c 'rm -f /var/lib/quadlets/lego/certificates/*.renewed'

[Install]
WantedBy=lego-renew.service