mtlsCheck wrapper

2026-04-29 21:46:11 -05:00
parent 3c4aa74b0f
commit 8357372b39
1 changed files with 31 additions and 13 deletions
@@ -114,17 +114,6 @@ let
        printf '\033[32m✔\033[0m \033[1mmTLS Bundle:\033[0m %s\n' ${lib.escapeShellArg bundleFile}
      '';
    };
-  
-  mkMtlsCheckScript = { pkgs, bundleFile }: pkgs.writeShellApplication {
-    name = "mtls-check";
-    runtimeInputs = with pkgs; [ openssl ];
-    text = ''
-      openssl x509 -noout -in ${bundleFile} \
-        -subject -issuer \
-        -ext subjectAltName,extendedKeyUsage \
-        -enddate
-    '';
-  };

  mkMtlsRenewScript = {
    pkgs,
@@ -291,7 +280,10 @@ in
            inherit (cfg) subject provisioner san certFile keyFile bundleFile lifetime;
            inherit (cfg.renew) user group;
          })
-          (mkMtlsCheckScript { inherit pkgs; inherit (cfg) bundleFile; })
+          (inputs.self.wrappers.mtlsCheck.apply {
+            inherit pkgs;
+            inherit (cfg) bundleFile;
+          }).wrapper
          (mkMtlsRenewScript { inherit pkgs cfg; })
        ];

@@ -334,7 +326,10 @@ in
            inherit (cfg) subject provisioner san lifetime;
            inherit (cfg.renew) user group;
          })
-          (mkMtlsCheckScript { inherit pkgs bundleFile; })
+          (inputs.self.wrappers.mtlsCheck.apply {
+            inherit pkgs;
+            inherit (cfg) bundleFile;
+          }).wrapper
          # (mkMtlsRenewScript { inherit pkgs cfg; systemctlArgs = [ "--user" ]; })
          (inputs.self.wrappers.mtlsRenew.apply {
            inherit pkgs;
@@ -356,6 +351,29 @@ in
    };

  flake.wrappers = {
+    mtlsCheck = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: {
+      options = {
+        bundleFile = lib.mkOption {
+          description = "String path for the mTLS key bundle";
+          type = lib.types.str;
+        };
+      };
+
+      config = {
+        binName = "mtls-check";
+        package = config.pkgs.openssl;
+        args = [
+          "x509"
+          "-noout"
+          "-in" config.bundleFile
+          "-subject"
+          "-issuer"
+          "-ext" "subjectAltName,extendedKeyUsage"
+          "-enddate"
+        ];
+      };
+    });
+
    mtlsNeedsRenewal = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: {
      options = {
        certFile = lib.mkOption {