dendritic/modules/services/step-ca/step-ca.nix

{ inputs, ... }:
let
  ipAddress = "0.0.0.0";
in
{
  flake.modules.nixos.step-ca = { pkgs, ... }: {
    # https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/security/step-ca.nix
    services.step-ca = {
      enable = true;
      openFirewall = true;
      address = ipAddress;
      port = 8443;

      # https://smallstep.com/docs/step-ca/configuration/#configuration-options
      settings = {
        root = "";
        crt = "";
      };
    };
    environment.systemPackages = with pkgs; [ step-ca step-cli ];
  };
}