john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mtlsCheck wrapper

Browse Source
This commit is contained in:
John Lancaster
2026-04-29 21:46:11 -05:00
parent 3c4aa74b0f
commit 8357372b39
1 changed files with 31 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/features/mtls.nix
+31 -13
View File
@@ -114,17 +114,6 @@ let
printf '\033[32m\033[0m \033[1mmTLS Bundle:\033[0m %s\n' ${lib.escapeShellArg bundleFile} printf '\033[32m\033[0m \033[1mmTLS Bundle:\033[0m %s\n' ${lib.escapeShellArg bundleFile}
''; '';
}; };
mkMtlsCheckScript = { pkgs, bundleFile }: pkgs.writeShellApplication {
name = "mtls-check";
runtimeInputs = with pkgs; [ openssl ];
text = ''
openssl x509 -noout -in ${bundleFile} \
-subject -issuer \
-ext subjectAltName,extendedKeyUsage \
-enddate
'';
};
mkMtlsRenewScript = { mkMtlsRenewScript = {
pkgs, pkgs,
@@ -291,7 +280,10 @@ in
inherit (cfg) subject provisioner san certFile keyFile bundleFile lifetime; inherit (cfg) subject provisioner san certFile keyFile bundleFile lifetime;
inherit (cfg.renew) user group; inherit (cfg.renew) user group;
}) })
(mkMtlsCheckScript { inherit pkgs; inherit (cfg) bundleFile; }) (inputs.self.wrappers.mtlsCheck.apply {
inherit pkgs;
inherit (cfg) bundleFile;
}).wrapper
(mkMtlsRenewScript { inherit pkgs cfg; }) (mkMtlsRenewScript { inherit pkgs cfg; })
]; ];
@@ -334,7 +326,10 @@ in
inherit (cfg) subject provisioner san lifetime; inherit (cfg) subject provisioner san lifetime;
inherit (cfg.renew) user group; inherit (cfg.renew) user group;
}) })
(mkMtlsCheckScript { inherit pkgs bundleFile; }) (inputs.self.wrappers.mtlsCheck.apply {
inherit pkgs;
inherit (cfg) bundleFile;
}).wrapper
# (mkMtlsRenewScript { inherit pkgs cfg; systemctlArgs = [ "--user" ]; }) # (mkMtlsRenewScript { inherit pkgs cfg; systemctlArgs = [ "--user" ]; })
(inputs.self.wrappers.mtlsRenew.apply { (inputs.self.wrappers.mtlsRenew.apply {
inherit pkgs; inherit pkgs;
@@ -356,6 +351,29 @@ in
}; };
flake.wrappers = { flake.wrappers = {
mtlsCheck = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: {
options = {
bundleFile = lib.mkOption {
description = "String path for the mTLS key bundle";
type = lib.types.str;
};
};
config = {
binName = "mtls-check";
package = config.pkgs.openssl;
args = [
"x509"
"-noout"
"-in" config.bundleFile
"-subject"
"-issuer"
"-ext" "subjectAltName,extendedKeyUsage"
"-enddate"
];
};
});
mtlsNeedsRenewal = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: { mtlsNeedsRenewal = inputs.wrappers.lib.wrapModule ({ config, lib, wlib, ... }: {
options = { options = {
certFile = lib.mkOption { certFile = lib.mkOption {