nixos/privoxy: make certificate-directory optional

The tmpfiles.d rule should only be added if inspectHttps is enabled.

nixos/modules/services/networking/privoxy.nix

@@ -205,9 +205,8 @@ in
 
     users.groups.privoxy = {};
 
-    systemd.tmpfiles.rules = with cfg.settings; [
-      "d ${certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}"
-    ];
+    systemd.tmpfiles.rules = optional cfg.inspectHttps
+      "d ${cfg.settings.certificate-directory} 0770 privoxy privoxy ${cfg.certsLifetime}";
 
     systemd.services.privoxy = {
       description = "Filtering web proxy";