[Unit]
Description=Copy TLS certs for coredns.service
# technically, the below should have no impact
After=network.target
PartOf=coredns.service
ConditionPathExists=/etc/letsencrypt/live/dns.dotya.ml

[Service]
Type=oneshot
Environment=DOMAIN=dns.dotya.ml
ExecStartPre=bash -c "mkdir -pv /var/lib/coredns/certs"
ExecStart=bash -c "cp -f -v --dereference /etc/letsencrypt/live/${DOMAIN}/* /var/lib/coredns/certs/"
ExecStopPost=bash -c "chown -Rv coredns:root /var/lib/coredns"

SuccessExitStatus=0