From 3674a0e6c422b539a35356b0804da935d1d73713 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 30 Mar 2026 18:59:07 -0500
Subject: [PATCH] started janus-ca wrapper

---
 modules/features/mtls.nix | 4 ++--
 modules/hosts/janus/default.nix | 21 ++++++++++++++++++++-
 modules/hosts/soteria/soteria.nix | 4 ++++
 modules/services/step-ca/ssh-host.nix | 4 ++--
 modules/services/step-ca/step-ca.nix | 5 ++++-
 5 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/modules/features/mtls.nix b/modules/features/mtls.nix
index 56ae750..9db311a 100644
--- a/modules/features/mtls.nix
+++ b/modules/features/mtls.nix
@@ -265,7 +265,7 @@ in
 config = lib.mkIf cfg.enable {
 environment.systemPackages = with pkgs; lib.optionals cfg.enable [
- step-cli
+ # step-cli
 (mkMtlsGenerateScript {
 inherit (cfg) subject provisioner san lifetime;
 inherit pkgs tlsCert tlsKey mtlsBundle;
@@ -308,7 +308,7 @@ in
 config = {
 home.packages = with pkgs; lib.optionals cfg.enable [
- step-cli
+ # step-cli
 (mkMtlsGenerateScript {
 inherit (cfg) subject provisioner san lifetime;
 inherit pkgs tlsCert tlsKey mtlsBundle;
diff --git a/modules/hosts/janus/default.nix b/modules/hosts/janus/default.nix
index 29cf427..2877987 100644
--- a/modules/hosts/janus/default.nix
+++ b/modules/hosts/janus/default.nix
@@ -4,7 +4,6 @@ let
 hostname = "janus";
 ca-url = "https://janus.john-stream.com/";
 fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
-
 in
 {
 flake.modules.nixos.janus-ca = { config, lib, ... }:
@@ -73,4 +72,24 @@ in
 }
 ];
 };
+
+ flake-file.inputs = {
+ wrappers = {
+ url = "github:lassulus/wrappers";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ perSystem = { pkgs, lib, ... }: {
+ packages.janus-ca = inputs.wrappers.lib.wrapPackage {
+ inherit pkgs;
+ package = pkgs.step-cli;
+ binName = "janus-cert";
+ args = [
+ "ca" "certificate"
+ "--ca-url=${ca-url}"
+ ];
+ };
+ };
 }
\ No newline at end of file
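Review bot: The `- step-cli` / `+ # step-cli` replacement in `environment.systemPackages` leaves a commented-out package entry with no explanation, and the same pattern repeats in the `home.packages` hunk at `@@ -308` and in `modules/services/step-ca/ssh-host.nix`. Either delete the line outright or replace the bare `# step-cli` with a comment that says why it was dropped, e.g. `# step-cli intentionally not installed into the profile here`. Whether `mkMtlsGenerateScript` still resolves `step` once it is off PATH is not visible in this hunk — confirm it references `lib.getExe pkgs.step-cli` as the `ssh-host-cert-renew` script does. The enclosing `config` attribute set begins before and ends after the hunk.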
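Review bot: The `janus-cert` wrapper pins `--ca-url=${ca-url}` but nothing in `args` establishes trust in that CA, so whether the client actually verifies the CA's TLS certificate depends on whatever `~/.step` bootstrap or system trust store the invoking user already has; the file already binds `fingerprint` in its `let` (first hunk), so either pass the root explicitly, e.g. `"--root=<path to janus root CA certificate>"`, or document that users must first run `step ca bootstrap --ca-url … --fingerprint …`. `inputs` is used inside `perSystem = { pkgs, lib, ... }:` without being one of its arguments, so it must come from the file's top-level module arguments, which are outside this hunk — confirm it is in scope, and drop the unused `lib` binding. The package is called `janus-ca` while the binary is `binName = "janus-cert"`; pick one name to avoid confusion on the hosts that install it. The attribute set this hunk closes begins outside it.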
diff --git a/modules/hosts/soteria/soteria.nix b/modules/hosts/soteria/soteria.nix
index 1ae376d..3e0894b 100644
--- a/modules/hosts/soteria/soteria.nix
+++ b/modules/hosts/soteria/soteria.nix
@@ -60,6 +60,10 @@ in
 homeManager."${hostname}"
 ];
 };
+
+ environment.systemPackages = [
+ inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
+ ];
 })
 ];
 };
diff --git a/modules/services/step-ca/ssh-host.nix b/modules/services/step-ca/ssh-host.nix
index b9134ab..a189c82 100644
--- a/modules/services/step-ca/ssh-host.nix
+++ b/modules/services/step-ca/ssh-host.nix
@@ -33,7 +33,7 @@
 networking.nameservers = [ "192.168.1.150" ];
 networking.dhcpcd.extraConfig = "nohook resolv.conf";
 environment.systemPackages = with pkgs; [
- step-cli
+ # step-cli
 (writeShellScriptBin "ssh-host-cert-renew" ''
 ${lib.getExe pkgs.step-cli} ssh certificate \
 --host --sign \
@@ -51,7 +51,7 @@
 wantedBy = [ ];
 after = [ "network-online.target" ];
 wants = [ "network-online.target" ];
- path = [ pkgs.step-cli pkgs.openssh pkgs.coreutils pkgs.systemd ];
+ path = with pkgs; [ coreutils systemd step-cli openssh ];
 serviceConfig = {
 Type = "oneshot";
 User = "root";
diff --git a/modules/services/step-ca/step-ca.nix b/modules/services/step-ca/step-ca.nix
index da090ed..7b79a11 100644
--- a/modules/services/step-ca/step-ca.nix
+++ b/modules/services/step-ca/step-ca.nix
@@ -17,6 +17,9 @@ in
 crt = "";
 };
 };
- environment.systemPackages = with pkgs; [ step-ca step-cli ];
+ environment.systemPackages = with pkgs; [
+ step-ca
+ step-cli
+ ];
 };
 }
\ No newline at end of file