feat(system/services/taskserver): Integrate Let's Encrypt certificates

The current setup now runs the `taskserver.vhack.eu` domain with a Let's Encrypt certificate and additionally uses a self-signed CA certificate to validate clients. The shell scripts used to generate the CA certificate and the derived client certificate (and keys) are taken nearly unmodified from the upstream repository [1]. [1]: https://github.com/GothenburgBitFactory/taskserver/tree/9794cff61e56bdfb193c6aa4cebb57970ac68aef/pki
author: Soispha <soispha@vhack.eu> 2023-10-04 20:11:42 +0200
committer: Soispha <soispha@vhack.eu> 2023-10-16 17:20:00 +0200
commit: 1dd6f8d3b4d7dc93095e662aaca190d3fe1be264 (patch)
tree: a6b06ec7b3a400f22f41627f8497258fb6b8d6f1 /system/services/taskserver/certs/vars
parent: fix(system/services/taskserver): declare certs/keys in pki.manual (diff)
download: nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.tar.gz
nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/system/services/taskserver/certs/vars b/system/services/taskserver/certs/vars
new file mode 100644
index 0000000..50d753a
--- /dev/null
+++ b/system/services/taskserver/certs/vars
@@ -0,0 +1,7 @@
+SEC_PARAM=ultra
+EXPIRATION_DAYS=365
+ORGANIZATION="Vhack"
+CN=taskserver.vhack.eu
+COUNTRY=EU
+#STATE="Germany"
+#LOCALITY="Göteborg"
author	Soispha <soispha@vhack.eu>	2023-10-04 20:11:42 +0200
committer	Soispha <soispha@vhack.eu>	2023-10-16 17:20:00 +0200
commit	1dd6f8d3b4d7dc93095e662aaca190d3fe1be264 (patch)
tree	a6b06ec7b3a400f22f41627f8497258fb6b8d6f1 /system/services/taskserver/certs/vars
parent	fix(system/services/taskserver): declare certs/keys in pki.manual (diff)
download	nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.tar.gz nixos-server-1dd6f8d3b4d7dc93095e662aaca190d3fe1be264.zip