From 3af6ab08192aed4c01b7f9656a4cdc08f17f80af Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Mon, 16 Mar 2026 08:37:40 -0500
Subject: [PATCH] case structure

---
 modules/services/step-ca/mtls.nix | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/modules/services/step-ca/mtls.nix b/modules/services/step-ca/mtls.nix
index 5ea0302..8e4ebeb 100644
--- a/modules/services/step-ca/mtls.nix
+++ b/modules/services/step-ca/mtls.nix
@@ -1,5 +1,6 @@
 { inputs, lib, ... }:
 let
+  # Options that will be in common between
   opts = {
     enable = lib.mkEnableOption "Enable mTLS";
     caURL = lib.mkOption {
@@ -110,18 +111,20 @@ let
         echo "Renewing mTLS certificate"
       else
         rc=$?
-        if [ "$rc" -eq 1 ]; then
-          echo "mTLS certificate does not need renewal"
-          exit 0
-        fi
-
-        if [ "$rc" -eq 2 ]; then
-          echo "mTLS certificate missing: ${tlsCert}" >&2
-          exit 1
-        fi
-
-        echo "step certificate needs-renewal failed with rc=$rc" >&2
-        exit "$rc"
+        case "$rc" in
+          1)
+            echo "mTLS certificate does not need renewal"
+            exit 0
+            ;;
+          2)
+            echo "mTLS certificate missing: ${tlsCert}" >&2
+            exit 1
+            ;;
+          *)
+            echo "step certificate needs-renewal failed with rc=$rc" >&2
+            exit "$rc"
+            ;;
+        esac
       fi
 
       ${lib.getExe pkgs.step-cli} ca renew --force "${tlsCert}" "${tlsKey}"