From 3e2ad120feb9fa710bb9dfd1a612759276c7f3d7 Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 15 Mar 2026 21:05:38 -0500
Subject: [PATCH] provisioner option

---
 modules/services/step-ca/mtls.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/modules/services/step-ca/mtls.nix b/modules/services/step-ca/mtls.nix
index 7345e23..0323e21 100644
--- a/modules/services/step-ca/mtls.nix
+++ b/modules/services/step-ca/mtls.nix
@@ -46,6 +46,10 @@
         type = lib.types.listOf lib.types.str;
         default = [ ];
       };
+      provisioner = lib.mkOption {
+        type = lib.types.str;
+        default = "admin";
+      };
     };
 
     config = {
@@ -56,7 +60,7 @@
             ${cfg.subject} ${tlsCert} ${tlsKey} \
             --ca-url ${cfg.caURL} \
             --root ${rootCA} \
-            --provisioner admin \
+            --provisioner ${cfg.provisioner} \
             ${sanArgs}
           cat ${tlsCert} ${tlsKey} > ${mtlsBundle}
         '')