From 621dda40eb9dcf0baa05c325c0fc23a8db42ea2e Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 15 Mar 2026 22:09:12 -0500
Subject: [PATCH] changed certs dir

---
 modules/services/step-ca/mtls.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/services/step-ca/mtls.nix b/modules/services/step-ca/mtls.nix
index bd4585b..7eda11f 100644
--- a/modules/services/step-ca/mtls.nix
+++ b/modules/services/step-ca/mtls.nix
@@ -67,11 +67,11 @@ in
   flake.modules.nixos.mtls = { config, lib, pkgs, ... }:
   let
     cfg = config.mtls;
-    certDir = cfg.certDir;
+    certDir = "/etc/step/certs";
     tlsKey = "${certDir}/${cfg.keyFilename}";
     tlsCert = "${certDir}/${cfg.certFilename}";
     mtlsBundle = "${certDir}/${cfg.bundleFilename}";
-    rootCA = "${cfg.certDir}/certs/root_ca.crt";
+    rootCA = "${certDir}/root_ca.crt";
     sanArgs = lib.concatMapStringsSep " " (san: "--san \"${san}\"") cfg.san;
     renewReloadScript = lib.concatMapStringsSep "\n" (unit: ''
       if ${lib.getExe' pkgs.systemd "systemctl"} --quiet is-active "${unit}"; then