john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commonized root CA pattern

Browse Source
This commit is contained in:
John Lancaster
2026-03-15 20:14:23 -05:00
parent f9a8ad47e3
commit 832149305b
2 changed files with 14 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
modules/services/step-ca/ssh-host.nix
View File

@@ -22,10 +22,17 @@ in
type = lib.types.str;
default = "${caURL}";
};
rootCertFile = lib.mkOption {
type = lib.types.path;
description = "Public Step root CA certificate file from the repo.";
default = ../../../keys/root_ca.crt;
rootCertFile = {
path = lib.mkOption {
type = lib.types.str;
description = "String path to where the root_ca.crt file will be stored for the user";
default = "step/certs/root_ca.crt";
};
source = lib.mkOption {
type = lib.types.path;
description = "Nix path to the root cert file within the repo";
default = ../../../keys/root_ca.crt;
};
};
sshHostProvisioner = lib.mkOption {
type = lib.types.str;
@@ -45,7 +52,7 @@ in
networking.nameservers = [ "192.168.1.150" ];
networking.dhcpcd.extraConfig = "nohook resolv.conf";
environment.etc."step/certs/root_ca.crt".source = cfg.rootCertFile;
environment.etc."${cfg.rootCertFile.path}".source = cfg.rootCertFile.source;
environment.systemPackages = with pkgs; [
step-cli
(writeShellScriptBin "ssh-host-cert-renew" ''