started janus-ca wrapper

2026-03-30 18:59:07 -05:00
parent 89a4d5a228
commit 3674a0e6c4
5 changed files with 32 additions and 6 deletions
@@ -265,7 +265,7 @@ in

      config = lib.mkIf cfg.enable {
        environment.systemPackages = with pkgs; lib.optionals cfg.enable [
-          step-cli
+          # step-cli
          (mkMtlsGenerateScript {
            inherit (cfg) subject provisioner san lifetime;
            inherit pkgs tlsCert tlsKey mtlsBundle;
@@ -308,7 +308,7 @@ in

      config = {
        home.packages = with pkgs; lib.optionals cfg.enable [
-          step-cli
+          # step-cli
          (mkMtlsGenerateScript {
            inherit (cfg) subject provisioner san lifetime;
            inherit pkgs tlsCert tlsKey mtlsBundle;
@@ -4,7 +4,6 @@ let
  hostname = "janus";
  ca-url = "https://janus.john-stream.com/";
  fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
-
 in
 {
  flake.modules.nixos.janus-ca = { config, lib, ... }:
@@ -73,4 +72,24 @@ in
      }
    ];
  };
+
+
+  flake-file.inputs = {
+    wrappers = {
+      url = "github:lassulus/wrappers";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
+  };
+
+  perSystem = { pkgs, lib, ... }: {
+    packages.janus-ca = inputs.wrappers.lib.wrapPackage {
+      inherit pkgs;
+      package = pkgs.step-cli;
+      binName = "janus-cert";
+      args = [
+        "ca" "certificate"
+        "--ca-url=${ca-url}"
+      ];
+    };
+  };
 }
@@ -60,6 +60,10 @@ in
            homeManager."${hostname}"
          ];
        };
+
+        environment.systemPackages = [
+          inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
+        ];
      })
    ];
  };
@@ -33,7 +33,7 @@
      networking.nameservers = [ "192.168.1.150" ];
      networking.dhcpcd.extraConfig = "nohook resolv.conf";
      environment.systemPackages = with pkgs; [
-        step-cli
+        # step-cli
        (writeShellScriptBin "ssh-host-cert-renew" ''
          ${lib.getExe pkgs.step-cli} ssh certificate \
          --host --sign \
@@ -51,7 +51,7 @@
        wantedBy = [ ];
        after = [ "network-online.target" ];
        wants = [ "network-online.target" ];
-        path = [ pkgs.step-cli pkgs.openssh pkgs.coreutils pkgs.systemd ];
+        path = with pkgs; [ coreutils systemd step-cli openssh  ];
        serviceConfig = {
          Type = "oneshot";
          User = "root";
@@ -17,6 +17,9 @@ in
        crt = "";
      };
    };
-    environment.systemPackages = with pkgs; [ step-ca step-cli ];
+    environment.systemPackages = with pkgs; [
+      step-ca
+      step-cli
+    ];
  };
 }