sys/pki/chains/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{ lib, ... }:
with lib; {
  options.local.pki.chains =
    let
      chainType = mkOption {
        type = types.path;
        readOnly = true;
      };
    in
    {
      mail-fullchain-crl = chainType;
    };

  config.local.pki.chains = {
    # Orden de concatenación de mail-fullchain-crl.crt:
    # - Issuing CA cert
    # - Issuing CA CRL
    # - Intermediate CA cert
    # - Intermediate CA CRL
    # - Root CA cert
    # - Root CA CRL
    mail-fullchain-crl = ./mail-fullchain-crl.crt;
  };
}