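# NixOS host module that runs a step-ca instance whose CA material (config,
# certificates and the intermediate key) is shipped from ./step next to this
# file.  `lib` and `config` are accepted for module-signature compatibility but
# are not used in this file.
{
  flake,
  pkgs,
  lib,
  config,
  ...
}:
{
  imports = [
    flake.self.nixosModules.home-manager
    flake.self.nixosModules.core
    ./global.nix
  ];

  # Password file for the intermediate CA key, created by systemd-tmpfiles at
  # boot: type "f" creates the file with the literal content given in the last
  # field (here the fixed string "password"), and "10d" lets tmpfiles remove it
  # once it is older than ten days.
  # The previous mode 1777 made the file world-writable, so any local user could
  # replace its contents and stop the CA from unlocking its key; 0644 keeps it
  # readable by whichever user the step-ca service runs as while removing the
  # world-write bit.  The content is still a well-known value that every local
  # user can read, so the CA key protected by it must be treated as
  # unprotected until both the password and the key are provisioned from a
  # location only the service user can read.
  systemd.tmpfiles.rules = [ "f /tmp/step-ca-intermediate-pw 0644 root root 10d password" ];

  services.step-ca =
    let
      # Packages ./step/certs and ./step/secrets into a store path so the
      # settings below can reference them by absolute path.
      # NOTE(review): everything under /nix/store is world-readable, so the
      # intermediate CA private key in secrets/ becomes readable by every local
      # user and is copied along with the closure to any host or binary cache
      # it is pushed to.  The certs/ directory is fine in the store; the key
      # should be delivered out-of-band to a path only the service can read.
      certificates = pkgs.stdenv.mkDerivation {
        name = "certificates";
        src = ./step;
        installPhase = ''
          mkdir -p $out;
          cp -r certs $out/
          cp -r secrets $out/
        '';
      };
    in
    {
      enable = true;
      # Listens on every interface on 443 and opens that port in the host
      # firewall, so the CA is reachable from any network this host is on.
      openFirewall = true;
      intermediatePasswordFile = "/tmp/step-ca-intermediate-pw";
      port = 443;
      address = "0.0.0.0";
      # ca.json provides the base configuration; the attrset on the right of
      # `//` overrides top-level keys only (shallow merge), so the `db` block
      # here replaces any `db` block from ca.json entirely rather than merging
      # with it.
      settings = (builtins.fromJSON (builtins.readFile ./step/config/ca.json)) // {
        root = "${certificates}/certs/root_ca.crt";
        crt = "${certificates}/certs/intermediate_ca.crt";
        key = "${certificates}/secrets/intermediate_ca_key";
        db = {
          type = "badgerv2";
          dataSource = "/var/lib/step-ca/db";
        };
      };
    };
}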