Diffstat (limited to '')
-rw-r--r--system/services/taskserver/default.nix26
1 files changed, 19 insertions, 7 deletions
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix
index 33416e6..afbd09c 100644
--- a/system/services/taskserver/default.nix
+++ b/system/services/taskserver/default.nix
@@ -9,14 +9,23 @@ in {
         key = "${taskStore}/privkey.pem";
       };
     };
-    pki.auto = {
-      expiration = {
-        server = 365;
-        crl = 365;
-        client = 365;
-        ca = 365;
+    pki = {
+      auto = {
+        expiration = {
+          server = 365;
+          crl = 365;
+          client = 365;
+          ca = 365;
+        };
+        bits = 4096;
+      };
+      manual = {
+        ca.cert = builtins.toPath "${taskStore}/cert.pem";
+        server = {
+          cert = builtins.toPath "${taskStore}/fullchain.pem";
+          key = builtins.toPath "${taskStore}/privkey.pem";
+        };
       };
-      bits = 4096;
     };
     organisations = import ./organisations.nix;
     trust = "strict";
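Review bot: `pki.manual.server.key` points at `${taskStore}/privkey.pem`, but the install script in the second hunk only removes, copies and chowns `key.pem`, so nothing visible in this diff places `privkey.pem` in the store directory. Unless a step outside the diff creates it, taskd would be configured with a missing or stale private key; aligning the names, e.g. `key = "${taskStore}/key.pem";`, would make the two hunks agree. It is also worth confirming that `cert.pem` really is a CA certificate: in the common ACME file layout that name is the leaf certificate, and with `trust = "strict"` the `ca.cert` file is presumably what client certificates are validated against. A one-line comment above `manual` stating whether the `auto` block is still used once manual paths are set would help the next reader.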
@@ -34,12 +43,15 @@ in {
         set -x
         rm "${taskStore}/key.pem"
         rm "${taskStore}/fullchain.pem"
+        rm "${taskStore}/cert.pem"
 
         cp key.pem "${taskStore}";
         cp fullchain.pem "${taskStore}";
+        cp cert.pem "${taskStore}";
 
         chown taskd:taskd "${taskStore}/key.pem"
         chown taskd:taskd "${taskStore}/fullchain.pem"
+        chown taskd:taskd "${taskStore}/cert.pem"
       '';
   };
 }
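Review bot: The added `rm "${taskStore}/cert.pem"` has no `-f`, and on the first run after this change that file has never been installed, so the command fails. If the script runs with errexit (its start is outside the hunk), it stops before any of the copies. Replacing each rm/cp/chown triple with a single `install -o taskd -g taskd -m 0644 cert.pem "${taskStore}/cert.pem"` (and `-m 0600` for `key.pem`) avoids that failure. It also closes the window between `cp` and `chown` in which the copied key sits in the store directory with the invoking user's ownership and default mode.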