temp

2026-04-20 16:49:31 -05:00
parent b07bf102a4
commit bd236ed977
3 changed files with 179 additions and 72 deletions
@@ -21,78 +21,6 @@ let
      ];
    };
  });
-
-  mkPrincipalArgs = principals:
-    builtins.concatLists (map (principal: [ "--principal" principal ]) principals);
-
-  signHostWrapper = inputs.wrappers.lib.wrapModule ({config, lib, wlib, ... }: {
-    options = {
-      provisioner = lib.mkOption {
-        type = lib.types.nullOr lib.types.str;
-        default = "admin";
-      };
-      extraPrincipals = lib.mkOption {
-        type = lib.types.listOf lib.types.str;
-        default = [ ];
-      };
-      overwrite = lib.mkEnableOption "Overwrite existing cert file?";
-    };
-
-    config = {
-      binName = "sign-ssh-host-cert";
-      package = config.pkgs.step-cli;
-      extraPackages = with config.pkgs; [ hostname iproute2 systemd ];
-      preHook = ''
-        HOSTNAME=$(hostname -s)
-        IP_ADDRESS=$(ip -4 -o addr show scope global | while read -r _ _ _ addr _; do
-          case "$addr" in
-            192.168.1.*/*)
-              printf '%s\n' "''${addr%%/*}"
-              break
-              ;;
-          esac
-        done)
-        echo "Signing SSH host cert for $HOSTNAME at $IP_ADDRESS"
-      '';
-      args =
-        [
-          "ssh" "certificate"
-          "--host" "--sign"
-          "--principal" "$HOSTNAME"
-          "--principal" "$IP_ADDRESS"
-        ]
-        ++ lib.optionals (config.provisioner != null) [ "--provisioner" "${config.provisioner}" ]
-        ++ lib.optionals config.overwrite [ "-f" ]
-        ++ mkPrincipalArgs config.extraPrincipals;
-      postHook = ''
-        systemctl reload-or-restart sshd
-      '';
-    };
-  });
-
-  signUserWrapper = inputs.wrappers.lib.wrapModule ({config, lib, wlib, ... }: {
-    options = {
-      provisioner = lib.mkOption {
-        type = lib.types.nullOr lib.types.str;
-        default = "admin";
-      };
-      validUsers = lib.mkOption {
-        description = "A list of the user names that this cert will be valid for";
-        type = lib.types.listOf lib.types.str;
-        default = [ ];
-      };
-      overwrite = lib.mkEnableOption "Overwrite existing cert file?";
-    };
-
-    config = {
-      binName = "sign-ssh-user-cert";
-      package = config.pkgs.step-cli;
-      args = [ "ssh" "certificate" "--sign" ]
-        ++ lib.optionals (config.provisioner != null) [ "--provisioner" "${config.provisioner}" ]
-        ++ lib.optionals config.overwrite [ "-f" ]
-        ++ mkPrincipalArgs config.validUsers;
-    };
-  });
 in
 {
  perSystem = { system, self', pkgs, lib, ... }: {