sys/pki: move certificate list to certs.nix

3 files changed, 32 insertions, 30 deletions

diff --git a/sys/pki/ca.nix b/sys/pki/ca.nix
index 8814338..70640be 100644
--- a/sys/pki/ca.nix
+++ b/sys/pki/ca.nix
@@ -87,34 +87,4 @@ in
     type = certsType null;
     readOnly = true;
   };
-
-  config.local.pki.ca = {
-    home = {
-      crl = ./public/home-crl.pem;
-      cert = ./public/home-ca.pem;
-      issuer = "root";
-
-      leaves = {
-        user-firefox.cert = ./public/home-user-firefox.pem;
-      };
-    };
-
-    mail = {
-      crl = ./public/mail-crl.pem;
-      cert = ./public/mail-ca.pem;
-      issuer = "root";
-
-      leaves = {
-        kiev.cert = ./public/mail-kiev.pem;
-        larsa.cert = ./public/mail-larsa.pem;
-      };
-    };
-
-    root = {
-      crl = ./public/root-crl.pem;
-      cert = ./public/root-ca.pem;
-      issuer = null;
-      leaves = { };
-    };
-  };
 }
diff --git a/sys/pki/certs.nix b/sys/pki/certs.nix
new file mode 100644
index 0000000..c191fc5
--- /dev/null
+++ b/sys/pki/certs.nix
@@ -0,0 +1,31 @@
+{
+  config.local.pki.ca = {
+    home = {
+      crl = ./public/home-crl.pem;
+      cert = ./public/home-ca.pem;
+      issuer = "root";
+
+      leaves = {
+        user-firefox.cert = ./public/home-user-firefox.pem;
+      };
+    };
+
+    mail = {
+      crl = ./public/mail-crl.pem;
+      cert = ./public/mail-ca.pem;
+      issuer = "root";
+
+      leaves = {
+        kiev.cert = ./public/mail-kiev.pem;
+        larsa.cert = ./public/mail-larsa.pem;
+      };
+    };
+
+    root = {
+      crl = ./public/root-crl.pem;
+      cert = ./public/root-ca.pem;
+      issuer = null;
+      leaves = { };
+    };
+  };
+}
diff --git a/sys/pki/default.nix b/sys/pki/default.nix
index 75f7e52..30519af 100644
--- a/sys/pki/default.nix
+++ b/sys/pki/default.nix
@@ -1,6 +1,7 @@
 {
   imports = [
     ./ca.nix
+    ./certs.nix
     ./by-path.nix
   ];
 }