You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
{ pkgs, lib, config, ... }:
with lib;
let ca = pkgs.stdenv.mkDerivation { name = "hpc-ca";
nativeBuildInputs = [ pkgs.minica ];
phases = [ "buildPhase" "installPhase" ];
buildPhase = ''
minica \ -ca-key ca.key.pem \ -ca-cert ca.cert.pem \ -domains "ca.${config.networking.domain}" '';
installPhase = ''
mkdir -p $out
mv ca.key.pem $out/ mv ca.cert.pem $out/ '';
};
ca-cert = pkgs.runCommandNoCCLocal "hpc-ca.cert" { } ''
cp "${ca}/ca.cert.pem" $out '';
mkCert = domain: pkgs.stdenv.mkDerivation { name = "hpc-ca:${domain}";
nativeBuildInputs = [ pkgs.minica ];
phases = [ "buildPhase" "installPhase" ];
buildPhase = ''
minica \ -ca-key "${ca}/ca.key.pem" \ -ca-cert "${ca}/ca.cert.pem" \ -domains "${domain}" '';
installPhase = ''
mkdir -p $out mv "${domain}/key.pem" $out/ mv "${domain}/cert.pem" $out/
ln -s "${ca}/ca.cert.pem" $out/ca.pem '';
};
in{ security.pki.certificateFiles = [ ca-cert ];
_module.args = { inherit mkCert; };}
|
