| author | Alejandro Soto <alejandro@34project.org> | 2024-07-27 16:26:07 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2024-07-27 20:10:01 -0600 |
| commit | b63de52f9239a9b91db4ad222945c307158bbac2 (patch) | |
| tree | 1d36de0de3600e6dd0877eaf63ba518b48139833 | |
| parent | 0fa5efb1ccc638652c829bebd75b774ccd6025b7 (diff) | |
sys/env, sys/pki: generate full list of certs by path
Diffstat (limited to '')
| -rw-r--r-- | sys/mail/default.nix | 8 | ||||
| -rw-r--r-- | sys/pki/by-path.nix | 15 | ||||
| -rw-r--r-- | sys/pki/default.nix | 1 |
3 files changed, 19 insertions, 5 deletions
diff --git a/sys/mail/default.nix b/sys/mail/default.nix
index 0a888e8..6c1b610 100644
--- a/sys/mail/default.nix
+++ b/sys/mail/default.nix
@@ -92,11 +92,9 @@ in certLogins = pkgs.writeText "cert-logins"
- (concatStrings (flatten (mapAttrsToList
- (uuid: names: map
- (addr: ''
- ${uuid}.mail-client@nodomain,${addr}:::::::user=${names.canonical}
- '')
+ (concatLines (flatten (mapAttrsToList
+ (certPath: names: map
+ (addr: "${config.local.pki.byPath.${certPath}.commonName}@nodomain,${addr}:::::::user=${names.canonical}")
 names.logins) (listToAttrs (localCerts ++ vmailCerts)))));
diff --git a/sys/pki/by-path.nix b/sys/pki/by-path.nix
new file mode 100644
index 0000000..baca142
--- /dev/null
+++ b/sys/pki/by-path.nix
@@ -0,0 +1,15 @@
+{ config, lib, ... }:
+with lib; {
+ options.local.pki.byPath = mkOption {
+ type = with lib.types; attrsOf unspecified;
+ readOnly = true;
+ };
+
+ config.local.pki.byPath =
+ let
+ caWithLeaves = ca:
+ singleton { "${ca.path}" = ca; }
+ ++ map (leaf: { "${leaf.path}" = leaf; }) (attrValues ca.leaves);
+ in
+ mergeAttrsList (flatten (map caWithLeaves (attrValues config.local.pki.ca)));
+}
diff --git a/sys/pki/default.nix b/sys/pki/default.nix
index cca5964..75f7e52 100644
--- a/sys/pki/default.nix
+++ b/sys/pki/default.nix
@@ -1,5 +1,6 @@
 { imports = [ ./ca.nix
+ ./by-path.nix
 ]; } |
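Review bot: In sys/mail/default.nix the new `addr:` line interpolates `config.local.pki.byPath.${certPath}.commonName` straight into a colon- and comma-delimited `cert-logins` record, and nothing visible in the hunk constrains that value. A common name containing `:`, `,` or a line break would shift fields in the generated file, and since the key is no longer built from what the removed lines call `uuid`, two certificates sharing a common name would produce the same login key. I would bind the name first and reject unexpected characters at evaluation time, e.g. `assert builtins.match "[A-Za-z0-9._-]+" cn != null;` ahead of the string, and say in a comment whether common names are expected to be unique across CAs. The `certLogins` binding starts and ends outside the hunk, so a check elsewhere cannot be ruled out.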
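Review bot: `mergeAttrsList` in the final expression of sys/pki/by-path.nix resolves duplicate keys by letting the later entry win, so two CAs or leaves that declare the same `path` would silently collapse into one entry instead of failing evaluation. Because the mail hunk of this commit reads `commonName` through this index, a collision could attach the wrong certificate's name to a login. Consider naming the list in the `let`, `entries = flatten (map caWithLeaves (attrValues config.local.pki.ca));`, and guarding the merge with `assert length entries == length (attrNames (mergeAttrsList entries));`. The option would also benefit from a `description` stating that it maps a certificate path to its CA or leaf definition.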
