| author | Alejandro Soto <alejandro@34project.org> | 2024-07-28 13:23:37 -0600 |
|---|---|---|
| committer | Alejandro Soto <alejandro@34project.org> | 2024-07-28 13:23:57 -0600 |
| commit | bd30588eac90b498457c7e0b5687a33e7585425a (patch) | |
| tree | 068404d578f686a2e9f8bef0cf1a41911808a5b4 /sys/pki/ca.nix | |
| parent | baf553ca73b842062aaf957a227fcb18ebfdf5ae (diff) | |
pki: rename from sys/pki, import in home
Diffstat (limited to 'sys/pki/ca.nix')
| -rw-r--r-- | sys/pki/ca.nix | 90 |
1 files changed, 0 insertions, 90 deletions
diff --git a/sys/pki/ca.nix b/sys/pki/ca.nix
deleted file mode 100644
index 70640be..0000000
--- a/sys/pki/ca.nix
+++ /dev/null
@@ -1,90 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib; let
- cfg = config.local.pki.ca;
-
- inherit (pkgs.buildPackages) openssl;
-
- certsType = leafOf: with lib.types; attrsOf (submodule ({ config, name, ... }: {
- options = {
- cert = mkOption {
- type = path;
- readOnly = true;
- };
-
- fingerprint.sha256 = mkOption {
- type = str;
- readOnly = true;
- };
-
- fullchain = mkOption {
- type = path;
- readOnly = true;
- };
-
- issuer = mkOption {
- type = nullOr str;
- readOnly = true;
- };
-
- path = mkOption {
- type = str;
- readOnly = true;
- };
- } // optionalAttrs (leafOf != null) {
- commonName = mkOption {
- type = str;
- readOnly = true;
- };
- } // optionalAttrs (leafOf == null) {
- crl = mkOption {
- type = path;
- readOnly = true;
- };
-
- certWithCrl = mkOption {
- type = path;
- readOnly = true;
- };
-
- leaves = mkOption {
- type = certsType name;
- readOnly = true;
- };
- };
-
- config = {
- fingerprint.sha256 = readFile (pkgs.runCommandNoCCLocal "cert-${config.path}-fprint-sha256" { } ''
- ${openssl}/bin/openssl x509 -in ${config.cert} -noout -sha256 -fingerprint \
- | sed 's/^.*=//' \
- | tr -d $'\n' \
- >$out
- '');
-
- fullchain = pkgs.writeText "${name}-fullchain-crl.pem"
- (concatStrings (map readFile
- (singleton (if leafOf != null then config.cert else config.certWithCrl)
- ++ optional (config.issuer != null) cfg.${config.issuer}.fullchain)));
-
- path = optionalString (config.issuer != null) (cfg.${config.issuer}.path + ".") + name;
- } // optionalAttrs (leafOf != null) {
- commonName = readFile (pkgs.runCommandNoCCLocal "cert-${config.path}-fprint-sha256" { } ''
- ${openssl}/bin/openssl x509 -in ${config.cert} -noout -subject -nameopt multiline \
- | grep commonName \
- | sed 's/^.*=\s*//' \
- | tr -d $'\n' \
- >$out
- '');
-
- issuer = leafOf;
- } // optionalAttrs (leafOf == null) {
- certWithCrl = pkgs.writeText "${name}-cert-crl.pem"
- (concatStrings (map readFile [ config.cert config.crl ]));
- };
- }));
-in
-{
- options.local.pki.ca = mkOption {
- type = certsType null;
- readOnly = true;
- };
-}
