WIP mtls wrappers
This commit is contained in:
John Lancaster
@@ -329,15 +329,16 @@ in
|
||||
home.packages = with pkgs; lib.optionals cfg.enable [
|
||||
# step-cli
|
||||
(mkMtlsGenerateScript {
|
||||
inherit pkgs;
|
||||
inherit (cfg) keyFile certFile bundleFile;
|
||||
inherit (cfg) subject provisioner san lifetime;
|
||||
inherit (cfg.renew) user group;
|
||||
inherit pkgs certFile keyFile bundleFile;
|
||||
})
|
||||
(mkMtlsCheckScript { inherit pkgs bundleFile; })
|
||||
# (mkMtlsRenewScript { inherit pkgs cfg; systemctlArgs = [ "--user" ]; })
|
||||
(inputs.self.wrappers.mtlsRenew.apply {
|
||||
inherit pkgs;
|
||||
inherit (cfg) certDir certFile keyFile;
|
||||
inherit (cfg) certDir keyFile certFile bundleFile;
|
||||
}).wrapper
|
||||
];
|
||||
|
||||
@@ -389,11 +390,15 @@ in
|
||||
type = lib.types.str;
|
||||
default = "${config.certDir}/cert.pem";
|
||||
};
|
||||
bundleFile = lib.mkOption {
|
||||
description = "String path for the mTLS key bundle";
|
||||
type = lib.types.str;
|
||||
default = "${config.certDir}/mtls.pem";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
binName = "mtls-renew";
|
||||
package = config.pkgs.step-cli;
|
||||
extraPackages = [
|
||||
(inputs.self.wrappers.mtlsNeedsRenewal.apply {
|
||||
inherit (config) pkgs certFile;
|
||||
@@ -423,6 +428,8 @@ in
|
||||
echo "Renewing mTLS certificate"
|
||||
fi
|
||||
'';
|
||||
package = config.pkgs.step-cli;
|
||||
args = [ "ca" "renew" "--force" config.certFile config.keyFile ];
|
||||
};
|
||||
});
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user