path: root/sys/pki
Diffstat (limited to '')
-rw-r--r--sys/pki/ca.nix51
-rw-r--r--sys/pki/chains/default.nix24
-rw-r--r--sys/pki/chains/mail-fullchain-crl.crt130
-rw-r--r--sys/pki/default.nix2
-rw-r--r--sys/pki/public/README.md1
5 files changed, 53 insertions, 155 deletions
diff --git a/sys/pki/ca.nix b/sys/pki/ca.nix
new file mode 100644
index 0000000..4e8f841
--- /dev/null
+++ b/sys/pki/ca.nix
@@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+with lib; let
+ cfg = config.local.pki.ca;
+in
+{
+ options.local.pki.ca = mkOption {
+ readOnly = true;
+
+ type = with lib.types; attrsOf (submodule ({ config, name, ... }: {
+ options = {
+ cert = mkOption {
+ type = path;
+ readOnly = true;
+ };
+
+ crl = mkOption {
+ type = path;
+ readOnly = true;
+ };
+
+ fullchain = mkOption {
+ type = path;
+ readOnly = true;
+ };
+
+ issuer = mkOption {
+ type = nullOr str;
+ readOnly = true;
+ };
+ };
+
+ config.fullchain = pkgs.writeText "${name}-fullchain-crl.pem"
+ (concatStrings (map readFile
+ ([ config.cert config.crl ] ++ optional (config.issuer != null) cfg.${config.issuer}.fullchain)));
+ }));
+ };
+
+ config.local.pki.ca = {
+ mail = {
+ crl = ./public/mail-crl.pem;
+ cert = ./public/mail-ca.pem;
+ issuer = "root";
+ };
+
+ root = {
+ crl = ./public/root-crl.pem;
+ cert = ./public/root-ca.pem;
+ issuer = null;
+ };
+ };
+}
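Review bot: `concatStrings (map readFile …)` in `config.fullchain` joins the PEM files with no separator, so if a cert or CRL file lacks a trailing newline, its `-----END …-----` line fuses with the next `-----BEGIN …-----` and consumers will fail to parse the bundle; `concatMapStringsSep "\n" readFile` over the same list removes the dependence on how each file ends. For a CA with an issuer, the list also holds `cfg.${config.issuer}.fullchain`, which is itself a `pkgs.writeText` output, so `readFile` on it is an import-from-derivation and will not evaluate where that is disabled. The deleted `chains/default.nix` documented the concatenation order and the new module does not; a comment such as `# Order: this CA's cert, its CRL, then the issuer's fullchain (recursively, ending at the root)` above `config.fullchain` would preserve it. The CRLs are still committed files frozen into the store at build time, so their nextUpdate should be tracked outside this module, because a verifier that enforces CRL checking will presumably start rejecting the chain once a baked-in CRL goes stale.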
diff --git a/sys/pki/chains/default.nix b/sys/pki/chains/default.nix
deleted file mode 100644
index 5bbde43..0000000
--- a/sys/pki/chains/default.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ lib, ... }:
-with lib; {
- options.local.pki.chains =
- let
- chainType = mkOption {
- type = types.path;
- readOnly = true;
- };
- in
- {
- mail-fullchain-crl = chainType;
- };
-
- config.local.pki.chains = {
- # Orden de concatenación de mail-fullchain-crl.crt:
- # - Issuing CA cert
- # - Issuing CA CRL
- # - Intermediate CA cert
- # - Intermediate CA CRL
- # - Root CA cert
- # - Root CA CRL
- mail-fullchain-crl = ./mail-fullchain-crl.crt;
- };
-}
diff --git a/sys/pki/chains/mail-fullchain-crl.crt b/sys/pki/chains/mail-fullchain-crl.crt
deleted file mode 100644
index 90f12c0..0000000
--- a/sys/pki/chains/mail-fullchain-crl.crt
+++ /dev/null
@@ -1,130 +0,0 @@
-Certificate:
- Data:
- Version: 3 (0x2)
- Serial Number:
- e6:3b:3b:e5:2a:74:f9:9c:b6:8f:75:c8:69:1b:45:04
- Signature Algorithm: sha256WithRSAEncryption
- Issuer: CN=34project.org root CA
- Validity
- Not Before: Feb 10 16:40:27 2023 GMT
- Not After : May 15 16:40:27 2025 GMT
- Subject: CN=34project.org mail CA
- Subject Public Key Info:
- Public Key Algorithm: rsaEncryption
- Public-Key: (2048 bit)
- Modulus:
- 00:b2:ba:de:e3:b2:4f:9a:fd:13:ae:2c:ab:24:b1:
- 6a:f5:cc:82:d1:6e:cd:6c:23:50:98:23:f6:18:da:
- aa:cd:3a:90:1d:2a:7a:c3:ca:75:95:a6:3a:ee:bb:
- 6f:b3:9e:60:5a:e7:7a:cc:15:46:e2:3a:0f:10:6b:
- 12:11:ca:21:66:85:01:96:d3:97:c8:bf:af:4a:c1:
- 7b:81:ee:d4:74:fb:77:d1:99:e2:16:c1:bf:f8:df:
- 07:9a:56:05:10:5e:60:54:f8:b3:4d:ec:73:f6:4a:
- e0:a7:84:2a:da:9d:20:1f:8a:c8:db:82:06:3c:15:
- 75:6f:7b:d1:48:07:a9:63:af:a3:95:50:58:be:d7:
- 7e:68:a9:16:17:53:73:25:61:8e:2c:f8:0b:ac:e9:
- b0:a9:c7:2f:7a:a5:64:31:76:e3:92:a7:68:81:ae:
- f3:e6:c4:7a:2f:98:f7:e4:3f:6a:f2:98:1a:54:fc:
- 03:09:f7:88:3c:a2:cb:ed:f8:bc:cb:69:f5:19:62:
- 34:d8:a1:72:9e:0e:db:2b:7c:23:95:4d:70:2e:c7:
- 5a:6f:90:46:45:44:69:c9:3e:b9:60:76:cb:b2:fd:
- 3e:d9:3f:82:47:2a:4e:5f:e9:69:d9:65:a9:7e:18:
- 83:3e:b5:bc:fb:ce:4e:6a:3a:4d:1b:d7:9c:7a:02:
- fe:23
- Exponent: 65537 (0x10001)
- X509v3 extensions:
- X509v3 Basic Constraints:
- CA:TRUE
- X509v3 Subject Key Identifier:
- 25:09:32:4B:06:AD:34:A1:3A:F0:FA:97:E3:A4:DE:F9:C2:E0:26:BA
- X509v3 Authority Key Identifier:
- keyid:BA:7A:D0:D7:F3:F6:A1:29:27:7C:6F:E0:95:3F:3D:F8:73:8A:51:BE
- DirName:/CN=34project.org root CA
- serial:03:C0:A5:81:CF:66:7D:BC:59:92:2D:FB:B9:C5:9C:59:C0:FB:34:ED
- X509v3 Key Usage:
- Certificate Sign, CRL Sign
- Signature Algorithm: sha256WithRSAEncryption
- Signature Value:
- 93:fa:59:c2:a2:22:ed:cc:96:d8:32:36:ed:3a:b9:25:36:d4:
- ed:ba:99:1b:aa:d0:dc:07:7a:3c:0e:97:68:77:5a:97:d1:5d:
- f3:7d:88:65:8a:b6:1f:b1:18:ce:c2:49:85:68:a9:9b:f3:67:
- 21:71:bf:f8:1e:4a:44:35:ed:68:15:93:ea:ab:c8:00:3b:82:
- 31:a1:c1:59:71:71:04:25:ec:c5:4d:98:4a:ba:32:28:7d:14:
- 36:c3:d3:d0:84:48:86:13:f7:67:0d:90:dd:a8:52:1d:2d:a1:
- 1c:07:20:56:7d:05:9b:ec:8f:30:48:c3:a0:14:5d:93:5e:b3:
- 73:12:5d:89:41:74:84:8c:7f:66:d0:ff:41:36:d5:94:10:bd:
- ad:0e:ca:79:52:f0:ca:81:a2:3b:84:ea:f4:0f:af:0a:95:13:
- 22:4f:83:8b:18:4e:33:9d:ec:d3:fb:aa:d9:77:e2:48:5d:1e:
- 07:fe:c5:41:4d:b2:41:9f:95:76:60:82:ff:6e:68:d7:ba:88:
- b3:5f:e2:e6:fc:db:40:82:3f:fe:0b:d9:0b:e5:d8:d4:24:60:
- 99:7d:3c:4d:3c:af:71:d3:5b:32:c9:0e:70:77:c1:fa:d9:d3:
- 7f:45:0a:d4:da:a2:b1:9d:7a:1e:ca:2e:74:f3:9c:1f:ae:22:
- 60:5c:04:26
------BEGIN CERTIFICATE-----
-MIIDZjCCAk6gAwIBAgIRAOY7O+UqdPmcto91yGkbRQQwDQYJKoZIhvcNAQELBQAw
-IDEeMBwGA1UEAwwVMzRwcm9qZWN0Lm9yZyByb290IENBMB4XDTIzMDIxMDE2NDAy
-N1oXDTI1MDUxNTE2NDAyN1owIDEeMBwGA1UEAwwVMzRwcm9qZWN0Lm9yZyBtYWls
-IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrre47JPmv0Triyr
-JLFq9cyC0W7NbCNQmCP2GNqqzTqQHSp6w8p1laY67rtvs55gWud6zBVG4joPEGsS
-EcohZoUBltOXyL+vSsF7ge7UdPt30ZniFsG/+N8HmlYFEF5gVPizTexz9krgp4Qq
-2p0gH4rI24IGPBV1b3vRSAepY6+jlVBYvtd+aKkWF1NzJWGOLPgLrOmwqccveqVk
-MXbjkqdoga7z5sR6L5j35D9q8pgaVPwDCfeIPKLL7fi8y2n1GWI02KFyng7bK3wj
-lU1wLsdab5BGRURpyT65YHbLsv0+2T+CRypOX+lp2WWpfhiDPrW8+85OajpNG9ec
-egL+IwIDAQABo4GaMIGXMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFCUJMksGrTSh
-OvD6l+Ok3vnC4Ca6MFsGA1UdIwRUMFKAFLp60Nfz9qEpJ3xv4JU/PfhzilG+oSSk
-IjAgMR4wHAYDVQQDDBUzNHByb2plY3Qub3JnIHJvb3QgQ0GCFAPApYHPZn28WZIt
-+7nFnFnA+zTtMAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAk/pZwqIi
-7cyW2DI27Tq5JTbU7bqZG6rQ3Ad6PA6XaHdal9Fd832IZYq2H7EYzsJJhWipm/Nn
-IXG/+B5KRDXtaBWT6qvIADuCMaHBWXFxBCXsxU2YSroyKH0UNsPT0IRIhhP3Zw2Q
-3ahSHS2hHAcgVn0Fm+yPMEjDoBRdk16zcxJdiUF0hIx/ZtD/QTbVlBC9rQ7KeVLw
-yoGiO4Tq9A+vCpUTIk+DixhOM53s0/uq2XfiSF0eB/7FQU2yQZ+VdmCC/25o17qI
-s1/i5vzbQII//gvZC+XY1CRgmX08TTyvcdNbMskOcHfB+tnTf0UK1NqisZ16Hsou
-dPOcH64iYFwEJg==
------END CERTIFICATE-----
------BEGIN X509 CRL-----
-MIICNTCCAR0CAQEwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UEAwwVMzRwcm9qZWN0
-Lm9yZyBtYWlsIENBFw0yNDAyMTIwMDE0MjZaFw0yNDA4MTAwMDE0MjZaMGswIQIQ
-YQYMnNsJmU16Nod0NqOe2hcNMjQwMjExMjM1MTE2WjAiAhEAx7M3iEcU0r0A3Fko
-x+HCgBcNMjQwMjEyMDAxNDE2WjAiAhEA7wV44s24HKZ+FzGA+zEO4BcNMjQwMjEx
-MjM0NDM1WqBcMFowWAYDVR0jBFEwT4AUJQkySwatNKE68PqX46Te+cLgJrqhJKQi
-MCAxHjAcBgNVBAMMFTM0cHJvamVjdC5vcmcgcm9vdCBDQYIRAOY7O+UqdPmcto91
-yGkbRQQwDQYJKoZIhvcNAQELBQADggEBAAgWrSFwIAqjdP3ENQI4mO6RilmxYcju
-1nZ5DDIUVrvAyjhtHYmyBxEfdW2gcUkcRsF/bQmoAMp+S6gVE9qR7R1M8GIufcBO
-v45wDosr3hMYzGdUj9yUrzaCqeOjPpiuA33yGl6mBDgadZ0TInp1w9odI5nf+MfG
-d7Xjhh4ULC46chvHjSiUqbUWuGQBjpTLPonmcmOka9cK6VXYrisjaEIOS9bWu2BM
-WK2hP9MM9QWaqD/rcdFns+BX191q84JSRzg1f522MNxZYv6h0Xdw2zpFJ6z/fi3Q
-/MI7FlGoDawwh6JMDjqvlL7EUJm/Zg/S9nz4r1k3mR87VdP0125VlXo=
------END X509 CRL-----
------BEGIN CERTIFICATE-----
-MIIDaTCCAlGgAwIBAgIUA8Clgc9mfbxZki37ucWcWcD7NO0wDQYJKoZIhvcNAQEL
-BQAwIDEeMBwGA1UEAwwVMzRwcm9qZWN0Lm9yZyByb290IENBMB4XDTIzMDIxMDE2
-MjYyM1oXDTMzMDIwNzE2MjYyM1owIDEeMBwGA1UEAwwVMzRwcm9qZWN0Lm9yZyBy
-b290IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApmERwjvZr/4i
-cy2DY2O11gmjfHqumpKOpSAiP2+MWHniXFxCI6EualHJ5EhMDCuukibeBBWRCCbE
-MZnkVsIxEM9TrpIr1AGODohqPyNjfQX+dBP2pChI79TGaQsPSL6NQltZbO5tYMjO
-0k2JcwvVy7yhtpWf9HTNV+VdeIW2/WGtqN3OQwgBeILHAp2cP2SaGV5Op587QY91
-jwSDYUpF29XeBc5Qw7zxLm4v4junL9IbdhXpoy+XaN2tfpUJdMLLGYjddWNhlBZf
-+SsrVw2bm0KzpYnTet7di82YcpBjLBWWTlUwpg+t57hiFYMYPkZbe4SEL5oipnkD
-lhIkFlFoWwIDAQABo4GaMIGXMB0GA1UdDgQWBBS6etDX8/ahKSd8b+CVPz34c4pR
-vjBbBgNVHSMEVDBSgBS6etDX8/ahKSd8b+CVPz34c4pRvqEkpCIwIDEeMBwGA1UE
-AwwVMzRwcm9qZWN0Lm9yZyByb290IENBghQDwKWBz2Z9vFmSLfu5xZxZwPs07TAM
-BgNVHRMEBTADAQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAQEAh725
-BU8/KqppUThpnSdQSldDT4I5whYymfxmJ1OqktvMoLl/AZUWh4VN2j/XlOd+3M4f
-1lbDz7Q1mfgING7Pz97A9ldm23RQCPk44xRhGq+W9r6VGa+Xa4vwgPG+4UP2CoaS
-U6egqfakHyePMFYd2XOEq5Eub8g5HAHX/p9p+cYEjMRM1xd2bOgclwlCLYnQQvby
-oZCpcZ4gFSdiAv6f8oOc0cLAK/385HtIr3BSe/7oCN6YkQ/K1p6odLO0KLuy0PQG
-TRFEif3cGLCsr73N+VJJ6Y4oUf/ZDJpQeLn8gWst0GLMSIcE7c6szeVMhwZvlnLX
-kLd9i8BdMNHiIsYdWw==
------END CERTIFICATE-----
------BEGIN X509 CRL-----
-MIIByjCBswIBATANBgkqhkiG9w0BAQsFADAgMR4wHAYDVQQDDBUzNHByb2plY3Qu
-b3JnIHJvb3QgQ0EXDTI0MDIxMjAwMTUwNVoXDTI0MDgxMDAwMTUwNVqgXzBdMFsG
-A1UdIwRUMFKAFLp60Nfz9qEpJ3xv4JU/PfhzilG+oSSkIjAgMR4wHAYDVQQDDBUz
-NHByb2plY3Qub3JnIHJvb3QgQ0GCFAPApYHPZn28WZIt+7nFnFnA+zTtMA0GCSqG
-SIb3DQEBCwUAA4IBAQAe0ta/QVGw1oqXzUEA6D1h7ATYvl0rieOKTxc2U84OrzHH
-qUdszri+vsJReTbvwE9o4YIpS1WgU00EXrCkY4TvtvRDJID4lTkSDfw4tv590mfQ
-hNW27WW9hg/ucZXZQ7Tj9yzNI3S9/0o770PRf2AHaYRhsn8FoqA8BkgNK7u4XU6q
-EtfGZpEzRGNhsj2fBCeGUVS5n78x+r9rtATF+7xXcMWj2bxvYqMRXvjkefFgHdYo
-L0jVdD7o4KWYF0NSlsL9ZoeN1AJIDhc8mFhaXkxz8wbIXNaV3wmsG83zcOFIYg3K
-XTbwbhNVBRfq+HmpMO4qFh/Ns4vAKUufOW805L8s
------END X509 CRL-----
diff --git a/sys/pki/default.nix b/sys/pki/default.nix
index 25f9f33..cca5964 100644
--- a/sys/pki/default.nix
+++ b/sys/pki/default.nix
@@ -1,5 +1,5 @@
{
imports = [
- ./chains
+ ./ca.nix
];
}
diff --git a/sys/pki/public/README.md b/sys/pki/public/README.md
new file mode 100644
index 0000000..37073ba
--- /dev/null
+++ b/sys/pki/public/README.md
@@ -0,0 +1 @@
+# This directory has been lustrated.