better ssh certs wrappers

2026-04-20 21:13:19 -05:00
parent bd236ed977
commit e75951318d
4 changed files with 69 additions and 146 deletions
@@ -2,8 +2,6 @@
 let
  username = "john";
  hostname = "janus";
-  ca-url = "https://janus.john-stream.com/";
-  fingerprint = builtins.readFile ./fingerprint;
 in
 {
  flake.modules.nixos.janus-ca =
@@ -39,7 +37,8 @@ in
      config = {
        environment.etc = lib.mkIf cfgInEtc {
          "step-ca/defaults.json".text = builtins.toJSON {
-            inherit ca-url fingerprint;
+            ca-url = "https://janus.john-stream.com/";
+            fingerprint = builtins.readFile ./fingerprint;
            root = "/etc/${certRootEtcPath}";
          };
          "${certRootEtcPath}".source = ./root_ca.crt;
@@ -52,10 +51,10 @@ in

  flake.modules.homeManager.janus-ca = { config, ... }: {
    home.file.".step/config/defaults.json".text = builtins.toJSON {
-      inherit ca-url fingerprint;
-      root = "${config.home.homeDirectory}/.step/certs/root_ca.crt";
+      ca-url = "https://janus.john-stream.com/";
+      fingerprint = builtins.readFile ./fingerprint;
+      root = ./root_ca.crt;
    };
-    home.file.".step/certs/root_ca.crt".source = ./root_ca.crt;
  };

  flake.nixosConfigurations."${hostname}" = inputs.nixpkgs.lib.nixosSystem {