john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

janus-ca pkg updates

Browse Source
This commit is contained in:
John Lancaster
2026-04-04 12:09:13 -05:00
parent b8b8a445f9
commit ff70a35078
1 changed files with 29 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/hosts/janus/default.nix
+29 -9
View File
@@ -9,25 +9,45 @@ in
flake.modules.nixos.janus-ca =
{ config, lib, ... }:
let
cfg = config.janus-ca;
johnHome = lib.attrByPath [ "users" "users" username "home" ] "/home/${username}" config;
johnGroup = lib.attrByPath [ "users" "users" username "group" ] username config;
cfgInEtc = lib.hasPrefix "/etc/" cfg.certDir;
certDirEtcPath =
if cfgInEtc then
lib.removePrefix "/etc/" cfg.certDir
else
cfg.certDir;
certRootEtcPath = "${certDirEtcPath}/root_ca.crt";
mkStepRules = home: user: group: [
"d ${home}/.step 0700 ${user} ${group} -"
"d ${home}/.step/config 0700 ${user} ${group} -"
"d ${home}/.step/certs 0700 ${user} ${group} -"
"L+ ${home}/.step/config/defaults.json - - - - /etc/step/config/defaults.json"
"L+ ${home}/.step/certs/root_ca.crt - - - - /etc/step/certs/root_ca.crt"
"L+ ${home}/.step/config/defaults.json - - - - /etc/step-ca/defaults.json"
"L+ ${home}/.step/certs/root_ca.crt - - - - ${cfg.certDir}/root_ca.crt"
];
in
{
environment.etc."step/config/defaults.json".text = builtins.toJSON {
inherit ca-url fingerprint;
root = "/etc/step-ca/certs/root_ca.crt";
options.janus-ca = {
certDir = lib.mkOption {
description = "String path to where the mtls certs will be stored.";
type = lib.types.str;
default = "/etc/step-ca/certs";
};
};
config = {
environment.etc = lib.mkIf cfgInEtc {
"step-ca/defaults.json".text = builtins.toJSON {
inherit ca-url fingerprint;
root = "/etc/${certRootEtcPath}";
};
"${certRootEtcPath}".source = ./root_ca.crt;
};
systemd.tmpfiles.rules =
mkStepRules johnHome username johnGroup
++ mkStepRules "/root" "root" "root";
};
environment.etc."step-ca/certs/root_ca.crt".source = ./root_ca.crt;
systemd.tmpfiles.rules =
mkStepRules johnHome username johnGroup
++ mkStepRules "/root" "root" "root";
};
flake.modules.homeManager.janus-ca = { config, ... }: {