options organization

John Lancaster
2026-03-15 20:18:01 -05:00
parent 832149305b
commit dfefb9682f


@@ -16,25 +16,27 @@ in
# NixOS Options # NixOS Options
options.step-ssh-host = { options.step-ssh-host = {
hostname = lib.mkOption { hostname = lib.mkOption {
description = "Networking host name";
type = lib.types.str; type = lib.types.str;
}; };
caURL = lib.mkOption { caURL = lib.mkOption {
description = "URL for the certificate authority";
type = lib.types.str; type = lib.types.str;
default = "${caURL}";
}; };
rootCertFile = { rootCertFile = {
path = lib.mkOption { path = lib.mkOption {
type = lib.types.str;
description = "String path to where the root_ca.crt file will be stored for the user"; description = "String path to where the root_ca.crt file will be stored for the user";
type = lib.types.str;
default = "step/certs/root_ca.crt"; default = "step/certs/root_ca.crt";
}; };
source = lib.mkOption { source = lib.mkOption {
type = lib.types.path;
description = "Nix path to the root cert file within the repo"; description = "Nix path to the root cert file within the repo";
type = lib.types.path;
default = ../../../keys/root_ca.crt; default = ../../../keys/root_ca.crt;
}; };
}; };
sshHostProvisioner = lib.mkOption { provisioner = lib.mkOption {
description = "Provisioner inside Step CA to use for the SSH certificates";
type = lib.types.str; type = lib.types.str;
default = "admin"; default = "admin";
}; };
@@ -60,7 +62,7 @@ in
--host --sign \ --host --sign \
--root "${rootCertPath}" \ --root "${rootCertPath}" \
--ca-url ${cfg.caURL} \ --ca-url ${cfg.caURL} \
--provisioner "${cfg.sshHostProvisioner}" \ --provisioner "${cfg.provisioner}" \
--provisioner-password-file "${provisionerPasswordPath}" \ --provisioner-password-file "${provisionerPasswordPath}" \
--principal "${cfg.hostname}" \ --principal "${cfg.hostname}" \
--principal "${cfg.hostname}.john-stream.com" \ --principal "${cfg.hostname}.john-stream.com" \
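Review bot: The renamed `provisioner` option keeps `default = "admin"`, and the second hunk passes it to the `--host --sign` command together with `--provisioner-password-file`, so every host that does not override it holds the password for whatever the `admin` provisioner is allowed to issue. If that provisioner is not restricted to SSH host certificates (not visible here), a dedicated host provisioner would be a safer default, and the description could say so: `description = "Step CA provisioner used to sign this host's SSH host certificate; should be limited to host certificates";`. The rename also drops `sshHostProvisioner` without an alias, so configurations that set it will stop evaluating; `lib.mkRenamedOptionModule [ "step-ssh-host" "sshHostProvisioner" ] [ "step-ssh-host" "provisioner" ]` in `imports` would keep them working. On the changed command line, `--provisioner ${lib.escapeShellArg cfg.provisioner}` is more robust than wrapping the interpolation in double quotes, and the same applies to the unquoted `${cfg.caURL}`. The option set and the command both continue outside the hunks shown.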