diff --git a/nixng/containers/ingress-toothpick/default.nix b/nixng/containers/ingress-toothpick/default.nix
index 327dd4e..3276dcd 100644
--- a/nixng/containers/ingress-toothpick/default.nix
+++ b/nixng/containers/ingress-toothpick/default.nix
@@ -15,36 +15,7 @@ singleton ; in {
- dumb-init = {
- enable = true;
- sigell.entries = [
- {
- signal = "HUP";
- action = {
- type = "exec";
- environment = {
- PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin";
- };
- command = [
- "bash"
- "-c"
- "kill -s HUP \"$(cat /nginx.pid)\""
- ];
- };
- }
- {
- signal = "TERM";
- action = {
- type = "signal";
- rewrite = "TERM";
- selector = {
- type = "child";
- };
- };
- }
- ];
- type.services = {};
- };
+ dinit.enable = true;
 init.services.nginx.shutdownOnExit = true;
 
 system.activation = {
diff --git a/terranix/main/containers/ingress-toothpick/job.hcl b/terranix/main/containers/ingress-toothpick/job.hcl
index 7829b58..b9f1f87 100644
--- a/terranix/main/containers/ingress-toothpick/job.hcl
+++ b/terranix/main/containers/ingress-toothpick/job.hcl
@@ -216,8 +216,13 @@ ssl_prefer_server_ciphers off;
 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 EOF
 destination = "local/ssl.conf"
- change_mode = "signal"
- change_signal = "SIGHUP"
+ change_mode = "script"
+ change_script {
+ command = "/bin/sh"
+ args = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
+ timeout = "5s"
+ fail_on_error = false
+ }
 }
 
 template {
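Review bot: In nixng/containers/ingress-toothpick/default.nix, `dinit.enable = true;` replaces the whole `dumb-init` block without a comment saying where nginx reloads now come from. The removed sigell entry read `/nginx.pid`, while the change scripts added to job.hcl read `/service/nginx/pid`, and nothing visible in this hunk shows that the new init writes that path. I would add a comment above the line, e.g. `# reloads are driven by the Nomad change_script, which reads /service/nginx/pid`, and confirm the path against the dinit service definition. The removed `TERM` entry forwarded the signal to the child; presumably dinit now handles shutdown itself, which is worth stating in the same comment. The attribute set starts and ends outside the hunk.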
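Review bot: `fail_on_error = false` in the `local/ssl.conf` template of job.hcl, and in the four templates changed after it, means a failed reload is only logged, so nginx can keep serving the previous cipher list, security headers or upstreams after the rendered file has changed. The old `change_mode = "signal"` did not depend on a shell, `cat` and a pid file being present inside the task, so the new path has more ways to fail quietly. For the TLS and header templates I would either set `fail_on_error = true` or alert on the logged script failure, so that stale security configuration is noticed. The template block starts above the hunk.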
@@ -228,8 +233,13 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 EOF
 destination = "local/headers.conf"
- change_mode = "signal"
- change_signal = "SIGHUP"
+ change_mode = "script"
+ change_script {
+ command = "/bin/sh"
+ args = ["-lc", "kill -SIGHUP $(cat /service/nginx/pid)"]
+ timeout = "5s"
+ fail_on_error = false
+ }
 }
 
 template {
@@ -238,8 +248,13 @@ add_header X-Frame-Options "SAMEORIGIN";
 add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
 EOF
 destination = "local/security.conf"
- change_mode = "signal"
- change_signal = "SIGHUP"
+ change_mode = "script"
+ change_script {
+ command = "/bin/sh"
+ args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
+ timeout = "5s"
+ fail_on_error = false
+ }
 }
 
 template {
@@ -265,15 +280,25 @@ server {
 }
 EOF
 destination = "local/streams.conf"
- change_mode = "signal"
- change_signal = "SIGHUP"
+ change_mode = "script"
+ change_script {
+ command = "/bin/sh"
+ args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
+ timeout = "5s"
+ fail_on_error = false
+ }
 }
 
 template {
 data = var.upstreams
 destination = "local/upstreams.conf"
- change_mode = "signal"
- change_signal = "SIGHUP"
+ change_mode = "script"
+ change_script {
+ command = "/bin/sh"
+ args = ["-c", "kill -SIGHUP $(cat /service/nginx/pid)"]
+ timeout = "5s"
+ fail_on_error = false
+ }
 }
 }
 }
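Review bot: The `local/headers.conf` script in job.hcl (like `local/ssl.conf` before it) passes `"-lc"`, while the `security.conf`, `streams.conf` and `upstreams.conf` scripts pass `"-c"`, so the five reload hooks do not run in the same environment. A login shell reads the profile files, which may be what puts `cat` on `PATH` in this image; if so, the `-c` variants would fail, and `fail_on_error = false` would keep that out of sight. Use one form for all five. If a login shell is not needed, `args = ["-c", ...]` keeps profile scripts out of the reload path; if it is needed, a short comment saying why would help.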
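Review bot: The command string in the `local/security.conf` script of job.hcl, repeated in the other four templates, leaves `$(cat /service/nginx/pid)` unquoted and uses the `SIG`-prefixed signal name, which POSIX does not require `kill` to accept. The removed nix handler used the portable form, so I would carry it over: `args = ["-c", "kill -s HUP \"$(cat /service/nginx/pid)\""]`. With quoting, an empty or malformed pid file yields one clear `kill` error instead of word-split arguments. Whether the `/bin/sh` in this image accepts `-SIGHUP` cannot be told from the diff.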