authoraszlig <aszlig@redmoonstudios.org>2016-04-11 12:58:29 +0200
committeraszlig <aszlig@redmoonstudios.org>2016-04-11 12:58:29 +0200
commit6395c87d075810f85677227477fa26eebb2d2041 (patch)
tree3d0fb07ab867629962bcb12ac34910199d0e1fdd /nixos/modules/services/misc/taskserver
parent6df374910f64cd66b3d55652a4c2368c418dca50 (diff)
nixos/taskserver: Improve doc for PKI options
The improvement here is just that we're adding a big <note/> here so
that users of these options are aware that whenever they're setting one
of these the certificates and keys are _not_ created automatically.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/services/misc/taskserver')
-rw-r--r--nixos/modules/services/misc/taskserver/default.nix63
1 files changed, 30 insertions, 33 deletions
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index 4dc5027b4bda..6da516e4d15e 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -17,7 +17,35 @@ let
     result = "${key} = ${mkVal val}";
   in optionalString (val != null && val != []) result;
 
-  needToCreateCA = all isNull (with cfg.pki; [ key cert crl caCert ]);
+  mkPkiOption = desc: mkOption {
+    type = types.nullOr types.path;
+    default = null;
+    description = desc + ''
+      <note><para>
+      Setting this option will prevent automatic CA creation and handling.
+      </para></note>
+    '';
+  };
+
+  pkiOptions = {
+    cert = mkPkiOption ''
+      Fully qualified path to the server certificate.
+    '';
+
+    caCert = mkPkiOption ''
+      Fully qualified path to the CA certificate.
+    '';
+
+    crl = mkPkiOption ''
+      Fully qualified path to the server certificate revocation list.
+    '';
+
+    key = mkPkiOption ''
+      Fully qualified path to the server key.
+    '';
+  };
+
+  needToCreateCA = all (c: isNull cfg.pki.${c}) (attrNames pkiOptions);
 
   configFile = pkgs.writeText "taskdrc" ''
     # systemd related
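Review bot: The `key` option built with `mkPkiOption` still has type `types.nullOr types.path` and its description says nothing about where the private key file may live; if a Nix path literal is accepted here and later interpolated into the generated configuration (not visible in this hunk), the key would presumably be copied into the world-readable Nix store. I would extend the `key` description with something like `Pass this as a string pointing to a file outside the Nix store, because store paths are world-readable.` The refactor also drops the old sentence on `key` about reloading `taskserver.service` causing a configuration file reload (removed in the second hunk), which documents reload behaviour and seems worth keeping. Separately, `needToCreateCA` becomes false as soon as any one of the four options is set, so a partially set `pki` leaves the others null with nothing created automatically; an assertion that `cert`, `key` and `caCert` are set together would catch that at evaluation time, unless one already exists outside this hunk.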
@@ -274,38 +302,7 @@ in {
         '';
       };
 
-      pki = {
-        cert = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = "Fully qualified path to the server certificate";
-        };
-
-        caCert = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = "Fully qualified path to the CA certificate.";
-        };
-
-        crl = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = ''
-            Fully qualified path to the server certificate revocation list.
-          '';
-        };
-
-        key = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = ''
-            Fully qualified path to the server key.
-
-            Note that reloading the <literal>taskserver.service</literal> causes
-            a configuration file reload before the next request is handled.
-          '';
-        };
-      };
+      pki = pkiOptions;
     };
   };