authoraszlig <aszlig@redmoonstudios.org>2016-04-11 13:33:48 +0200
committeraszlig <aszlig@redmoonstudios.org>2016-04-11 13:33:48 +0200
commit05a7cd17fc540ab8851c6c20df7c41f180582b8c (patch)
treed8e0a26ca596f83c366b5177106abafd6a1b288f /nixos/modules/services/misc/taskserver
parent6395c87d075810f85677227477fa26eebb2d2041 (diff)
nixos/taskserver: Rename .pki options
We're now using .pki.server.* and .pki.ca.* so that it's entirely clear
what these keys/certificates are for. For example we had just .pki.key
before, which doesn't really tell very much about what it's for except
if you look at the option description.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/services/misc/taskserver')
-rw-r--r--nixos/modules/services/misc/taskserver/default.nix33
1 files changed, 22 insertions, 11 deletions
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index 6da516e4d15e..7e6e3d3873d8 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -28,24 +28,35 @@ let
   };
 
   pkiOptions = {
-    cert = mkPkiOption ''
-      Fully qualified path to the server certificate.
+    ca.cert = mkPkiOption ''
+      Fully qualified path to the CA certificate.
     '';
 
-    caCert = mkPkiOption ''
-      Fully qualified path to the CA certificate.
+    server.cert = mkPkiOption ''
+      Fully qualified path to the server certificate.
     '';
 
-    crl = mkPkiOption ''
+    server.crl = mkPkiOption ''
       Fully qualified path to the server certificate revocation list.
     '';
 
-    key = mkPkiOption ''
+    server.key = mkPkiOption ''
       Fully qualified path to the server key.
     '';
   };
 
-  needToCreateCA = all (c: isNull cfg.pki.${c}) (attrNames pkiOptions);
+  needToCreateCA = let
+    notFound = path: let
+      dotted = concatStringsSep "." path;
+    in throw "Can't find option definitions for path `${dotted}'.";
+    findPkiDefinitions = path: attrs: let
+      mkSublist = key: val: let
+        newPath = path ++ singleton key;
+      in if isOption val
+         then attrByPath newPath (notFound newPath) cfg.pki
+         else findPkiDefinitions newPath val;
+    in flatten (mapAttrsToList mkSublist attrs);
+  in all isNull (findPkiDefinitions [] pkiOptions);
 
   configFile = pkgs.writeText "taskdrc" ''
     # systemd related
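Review bot: `needToCreateCA` is true only when every leaf under `pkiOptions` is null, and `server.crl` is one of those leaves, so setting just a CRL, or only one of `server.cert`/`server.key`, makes it false while the other options stay null. The manual branch later in the file interpolates `cfg.pki.ca.cert`, `cfg.pki.server.cert` and `cfg.pki.server.key` directly; the condition selecting that branch is outside the hunks shown, but if it is `needToCreateCA`, a half-configured PKI would presumably fail with a null-coercion error instead of a message naming the missing option. A module assertion that these three are either all set or all null would turn that into a clear evaluation-time failure; it belongs in the module's config section, outside this hunk. The recursion would also be easier to follow with a comment above `findPkiDefinitions` such as `# Collect the configured value of every option leaf below pkiOptions, recursing into nested attribute sets.` The enclosing `let` block starts before this hunk and continues past it.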
@@ -69,7 +80,7 @@ let
 
     # server
     server = ${cfg.listenHost}:${toString cfg.listenPort}
-    ${mkConfLine "server.crl" cfg.pki.crl}
+    ${mkConfLine "server.crl" cfg.pki.server.crl}
 
     # certificates
     ${mkConfLine "trust" cfg.trust}
@@ -78,9 +89,9 @@ let
       server.cert = ${cfg.dataDir}/keys/server.cert
       server.key = ${cfg.dataDir}/keys/server.key
     '' else ''
-      ca.cert = ${cfg.pki.caCert}
-      server.cert = ${cfg.pki.cert}
-      server.key = ${cfg.pki.key}
+      ca.cert = ${cfg.pki.ca.cert}
+      server.cert = ${cfg.pki.server.cert}
+      server.key = ${cfg.pki.server.key}
     ''}
   '';