started janus-ca wrapper

John Lancaster
2026-03-30 18:59:07 -05:00
parent 89a4d5a228
commit 3674a0e6c4
5 changed files with 32 additions and 6 deletions
+2 -2
@@ -265,7 +265,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; lib.optionals cfg.enable [ environment.systemPackages = with pkgs; lib.optionals cfg.enable [
step-cli # step-cli
(mkMtlsGenerateScript { (mkMtlsGenerateScript {
inherit (cfg) subject provisioner san lifetime; inherit (cfg) subject provisioner san lifetime;
inherit pkgs tlsCert tlsKey mtlsBundle; inherit pkgs tlsCert tlsKey mtlsBundle;
@@ -308,7 +308,7 @@ in
config = { config = {
home.packages = with pkgs; lib.optionals cfg.enable [ home.packages = with pkgs; lib.optionals cfg.enable [
step-cli # step-cli
(mkMtlsGenerateScript { (mkMtlsGenerateScript {
inherit (cfg) subject provisioner san lifetime; inherit (cfg) subject provisioner san lifetime;
inherit pkgs tlsCert tlsKey mtlsBundle; inherit pkgs tlsCert tlsKey mtlsBundle;
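Review bot: Both hunks leave `# step-cli` behind as a commented-out list entry rather than deleting it, and the same residue is left in the first hunk of the file that defines `ssh-host-cert-renew`. Either drop the line or turn it into a why-comment that says where `step` is now expected to come from. Whether the script built by `mkMtlsGenerateScript` calls step through a store path or through PATH is not visible here, since its definition is outside both hunks. If it relies on PATH, removing the package from `environment.systemPackages` and `home.packages` would make mTLS certificate generation fail at run time. The renew script elsewhere in this commit uses `${lib.getExe pkgs.step-cli}`, and the same form here would make the dependency explicit.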
+20 -1
@@ -4,7 +4,6 @@ let
hostname = "janus"; hostname = "janus";
ca-url = "https://janus.john-stream.com/"; ca-url = "https://janus.john-stream.com/";
fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6"; fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
in in
{ {
flake.modules.nixos.janus-ca = { config, lib, ... }: flake.modules.nixos.janus-ca = { config, lib, ... }:
@@ -73,4 +72,24 @@ in
} }
]; ];
}; };
flake-file.inputs = {
wrappers = {
url = "github:lassulus/wrappers";
inputs.nixpkgs.follows = "nixpkgs";
};
};
perSystem = { pkgs, lib, ... }: {
packages.janus-ca = inputs.wrappers.lib.wrapPackage {
inherit pkgs;
package = pkgs.step-cli;
binName = "janus-cert";
args = [
"ca" "certificate"
"--ca-url=${ca-url}"
];
};
};
} }
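Review bot: The wrapper fixes `--ca-url` but passes nothing that pins trust in that CA. The `fingerprint` bound in the `let` block is not referenced in `args`, so which root `janus-cert` accepts depends on whatever step configuration already exists on the machine (inferred, since lines 7 to 71 of the file are outside the hunks). Consider adding `"--root=<ROOT_CA_CERT_PATH>"` (placeholder for a root certificate shipped with the flake) to `args`, or a comment stating that the host must first be bootstrapped against this fingerprint. Separately, `perSystem` uses `inputs.wrappers` but its visible arguments are only `{ pkgs, lib, ... }`, so confirm `inputs` is in scope from the enclosing function. The package attribute is `janus-ca` while `binName` is `janus-cert`, and a one-line comment on that naming would spare readers a lookup.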
+4
@@ -60,6 +60,10 @@ in
homeManager."${hostname}" homeManager."${hostname}"
]; ];
}; };
environment.systemPackages = [
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
];
}) })
]; ];
}; };
+2 -2
@@ -33,7 +33,7 @@
networking.nameservers = [ "192.168.1.150" ]; networking.nameservers = [ "192.168.1.150" ];
networking.dhcpcd.extraConfig = "nohook resolv.conf"; networking.dhcpcd.extraConfig = "nohook resolv.conf";
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
step-cli # step-cli
(writeShellScriptBin "ssh-host-cert-renew" '' (writeShellScriptBin "ssh-host-cert-renew" ''
${lib.getExe pkgs.step-cli} ssh certificate \ ${lib.getExe pkgs.step-cli} ssh certificate \
--host --sign \ --host --sign \
@@ -51,7 +51,7 @@
wantedBy = [ ]; wantedBy = [ ];
after = [ "network-online.target" ]; after = [ "network-online.target" ];
wants = [ "network-online.target" ]; wants = [ "network-online.target" ];
path = [ pkgs.step-cli pkgs.openssh pkgs.coreutils pkgs.systemd ]; path = with pkgs; [ coreutils systemd step-cli openssh ];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";
+4 -1
@@ -17,6 +17,9 @@ in
crt = ""; crt = "";
}; };
}; };
environment.systemPackages = with pkgs; [ step-ca step-cli ]; environment.systemPackages = with pkgs; [
step-ca
step-cli
];
}; };
} }