NixOS configuration for HPC cluster
https://docs.hpc.informatik.hs-fulda.de/
{ pkgs, lib, config, ... }:
with lib;
let
# Root CA for the cluster, produced by running minica inside an ordinary
# derivation. The output directory contains ca.key.pem and ca.cert.pem.
#
# SECURITY: ca.key.pem is a build output, so the CA private key is stored in
# /nix/store. Store paths are readable by every local user and are copied
# wherever the path is copied (other hosts, remote builders, binary caches).
# Whoever can read the key can issue certificates that any host trusting
# ca.cert.pem will accept. Prefer creating the CA outside the store and
# provisioning the key as a runtime secret with restricted permissions.
#
# NOTE(review): the key is generated at build time, so this derivation is not
# reproducible; two machines that each build it would end up with different
# CAs. Any edit to the attributes or scripts below also changes the store path
# and therefore yields a new CA key on the next build. Confirm how the nodes
# are meant to share a single build result.
ca = pkgs.stdenv.mkDerivation {
  name = "hpc-ca";

  nativeBuildInputs = [ pkgs.minica ];

  # Only these two phases run; no src is set, so nothing is unpacked.
  phases = [ "buildPhase" "installPhase" ];

  # minica is pointed at ca.key.pem / ca.cert.pem in the build directory,
  # presumably creating both because neither exists yet (TODO confirm against
  # the minica version in use). The -domains value names a leaf certificate
  # that installPhase below does not copy.
  buildPhase = ''
    minica \
    -ca-key ca.key.pem \
    -ca-cert ca.cert.pem \
    -domains "ca.${config.networking.domain}"
  '';

  # Both the private key and the certificate are moved into the output.
  installPhase = ''
    mkdir -p $out

    mv ca.key.pem $out/
    mv ca.cert.pem $out/
  '';
};
# Copies only the public CA certificate into a single-file store path of its
# own. Consumers that use ca-cert therefore depend on this file rather than on
# the `ca` output directory, which also holds ca.key.pem.
# NOTE(review): this keeps the key out of ca-cert's own closure, but the key
# still exists in the store of whichever machine built `ca`.
ca-cert = pkgs.runCommandNoCCLocal "hpc-ca.cert" { } ''
  cp "${ca}/ca.cert.pem" $out
'';
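# mkCert domain: builds a key and certificate for `domain`, signed with the
# cluster CA. The output directory contains key.pem, cert.pem and ca.pem, where
# ca.pem is a symlink to the CA certificate.
#
# SECURITY: key.pem is a build output and therefore world-readable in
# /nix/store; the same applies to the CA key that is read from `${ca}` while
# building. Treat certificates made this way as protecting against off-host
# observers only, not against other local users, unless the keys are moved to
# a runtime secret mechanism.
#
# NOTE(review): ':' is outside the character set Nix documents for store path
# names; confirm that this `name` evaluates on the Nix version in use.
mkCert = domain: pkgs.stdenv.mkDerivation {
  name = "hpc-ca:${domain}";

  nativeBuildInputs = [ pkgs.minica ];

  # Only these two phases run; no src is set, so nothing is unpacked.
  phases = [ "buildPhase" "installPhase" ];

  # Signs with the existing CA key and certificate from the `ca` output.
  # minica places the result in a directory named after the domain.
  buildPhase = ''
    minica \
    -ca-key "${ca}/ca.key.pem" \
    -ca-cert "${ca}/ca.cert.pem" \
    -domains "${domain}"
  '';

  installPhase = ''
    mkdir -p $out

    mv "${domain}/key.pem" $out/
    mv "${domain}/cert.pem" $out/

    # Link to the certificate-only store path. A symlink into ${ca} would make
    # the directory holding ca.key.pem a runtime dependency of every issued
    # certificate, so the CA private key would be copied to each host that
    # receives one.
    ln -s "${ca-cert}" $out/ca.pem
  '';
};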
in
{
  # Adds the cluster CA certificate to the system-wide trusted certificate
  # bundle. Every certificate signed by the matching CA key is then accepted by
  # software using that bundle, so the confidentiality of ca.key.pem bounds the
  # trust placed here.
  security.pki.certificateFiles = [
    ca-cert
  ];

  # Exposes mkCert as a module argument, so other modules can request it in
  # their argument set and issue certificates for their own domains.
  _module.args = {
    inherit mkCert;
  };
}