diff options
author | sils <sils@sils.li> | 2023-10-04 13:24:47 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-10-16 17:19:59 +0200 |
commit | c74c8d7b96f276a4d9cd50c62d9e8abce0b87e6c (patch) | |
tree | c42816fb3443bb9e5c15d420784ae3f1b9902750 | |
parent | feat(system/services/taskserver): change ca to letsencrypt (diff) | |
download | nixos-server-c74c8d7b96f276a4d9cd50c62d9e8abce0b87e6c.tar.gz nixos-server-c74c8d7b96f276a4d9cd50c62d9e8abce0b87e6c.zip |
fix(system/services/taskserver): declare certs/keys in pki.manual
-rw-r--r-- | system/services/taskserver/default.nix | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix index 33416e6..afbd09c 100644 --- a/system/services/taskserver/default.nix +++ b/system/services/taskserver/default.nix @@ -9,14 +9,23 @@ in { key = "${taskStore}/privkey.pem"; }; }; - pki.auto = { - expiration = { - server = 365; - crl = 365; - client = 365; - ca = 365; + pki = { + auto = { + expiration = { + server = 365; + crl = 365; + client = 365; + ca = 365; + }; + bits = 4096; + }; + manual = { + ca.cert = builtins.toPath "${taskStore}/cert.pem"; + server = { + cert = builtins.toPath "${taskStore}/fullchain.pem"; + key = builtins.toPath "${taskStore}/privkey.pem"; + }; }; - bits = 4096; }; organisations = import ./organisations.nix; trust = "strict"; @@ -34,12 +43,15 @@ in { set -x rm "${taskStore}/key.pem" rm "${taskStore}/fullchain.pem" + rm "${taskStore}/cert.pem" cp key.pem "${taskStore}"; cp fullchain.pem "${taskStore}"; + cp cert.pem "${taskStore}"; chown taskd:taskd "${taskStore}/key.pem" chown taskd:taskd "${taskStore}/fullchain.pem" + chown taskd:taskd "${taskStore}/cert.pem" ''; }; } |