mtls working on soteria

This commit is contained in:
John Lancaster
2026-03-30 15:23:52 -05:00
parent fef4ff71bb
commit 89a4d5a228
5 changed files with 49 additions and 26 deletions
+27 -3
@@ -2,12 +2,36 @@
let
username = "john";
hostname = "janus";
ca-url = "https://janus.john-stream.com/";
fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
in
{
flake.modules.nixos.janus-ca = { config, lib, ... }:
let
johnHome = lib.attrByPath [ "users" "users" username "home" ] "/home/${username}" config;
johnGroup = lib.attrByPath [ "users" "users" username "group" ] username config;
mkStepRules = home: user: group: [
"d ${home}/.step 0700 ${user} ${group} -"
"d ${home}/.step/config 0700 ${user} ${group} -"
"d ${home}/.step/certs 0700 ${user} ${group} -"
"L+ ${home}/.step/config/defaults.json - - - - /etc/step/config/defaults.json"
"L+ ${home}/.step/certs/root_ca.crt - - - - /etc/step/certs/root_ca.crt"
];
in {
environment.etc."step/config/defaults.json".text = builtins.toJSON {
inherit ca-url fingerprint;
root = "/etc/step/certs/root_ca.crt";
};
environment.etc."step/certs/root_ca.crt".source = ./root_ca.crt;
systemd.tmpfiles.rules =
mkStepRules johnHome username johnGroup
++ mkStepRules "/root" "root" "root";
};
flake.modules.homeManager.janus-ca = { config, ... }: {
home.file.".step/config/defaults.json".text = builtins.toJSON {
"ca-url" = "https://janus.john-stream.com/";
fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
inherit ca-url fingerprint;
root = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
};
home.file.".step/certs/root_ca.crt".source = ./root_ca.crt;
@@ -18,6 +42,7 @@ in
nixos.lxc
nixos.mysops
nixos.step-ssh-host
nixos.janus-ca
inputs.home-manager.nixosModules.home-manager
nixos."${username}"
nixos.docker
@@ -41,7 +66,6 @@ in
imports = with inputs.self.modules.homeManager; [
mysops
step-ssh-user
janus-ca
];
shell.program = "zsh";
docker.enable = true;
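Review bot: The `L+` tmpfiles entries produced by `mkStepRules` in the first hunk replace whatever already exists at `~/.step/config/defaults.json` and `~/.step/certs/root_ca.crt` with symlinks into /etc on every tmpfiles run, so any locally edited step defaults are silently discarded rather than merged; that is a sensible way to keep the trust root and CA URL root-owned, but it should be stated, e.g. `# L+ replaces any existing file: step's trust root and CA URL are deliberately root-owned and not user-editable`. The `d` entries only apply `0700` when they create the directory, so a pre-existing `~/.step` with looser permissions keeps them; adding `"z ${home}/.step 0700 ${user} ${group} -"` (or `Z` to recurse) would enforce the mode on existing trees as well. Whether any host still imports the homeManager janus-ca module alongside the nixos one is not visible here; if both applied to the same user, `home.file` and the `L+` symlinks would contend for the same paths, which the third hunk appears to avoid for this host by dropping the home-manager import.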