author | aszlig <aszlig@redmoonstudios.org> | 2016-04-11 12:38:16 +0200 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2016-04-11 12:38:16 +0200 |
commit | 6de94e7d2449eefccdb99100426759472e4b14a4 (patch) | |
tree | cea54a4873c8479b8c4a2edc11adbe913b7b2b12 /nixos/modules/services/misc/taskserver | |
parent | d6bd457d1f5514468a34c32e54076d0cf5a02122 (diff) | |
nixos/taskserver: Rename .server options to .pki
After moving out the PKI-unrelated options, let's name this a bit more appropriately, so we can finally get rid of the taskserver.server thing. This also moves taskserver.caCert to taskserver.pki.caCert, because that clearly belongs to the PKI options. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/services/misc/taskserver')
-rw-r--r-- | nixos/modules/services/misc/taskserver/default.nix | 37 |
1 files changed, 18 insertions, 19 deletions
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index 8f760a4579d4..063002167cf5 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -17,9 +17,7 @@ let
  result = "${key} = ${mkVal val}";
  in optionalString (val != null && val != []) result;

- needToCreateCA = all isNull (with cfg; [
- server.key server.cert server.crl caCert
- ]);
+ needToCreateCA = all isNull (with cfg.pki; [ key cert crl caCert ]);

  configFile = pkgs.writeText "taskdrc" ''
  # systemd related
@@ -43,18 +41,18 @@ let

  # server
  server = ${cfg.listenHost}:${toString cfg.listenPort}
- ${mkConfLine "server.crl" cfg.server.crl}
+ ${mkConfLine "server.crl" cfg.pki.crl}

  # certificates
- ${mkConfLine "trust" cfg.server.trust}
+ ${mkConfLine "trust" cfg.pki.trust}
  ${if needToCreateCA then ''
  ca.cert = ${cfg.dataDir}/keys/ca.cert
  server.cert = ${cfg.dataDir}/keys/server.cert
  server.key = ${cfg.dataDir}/keys/server.key
  '' else ''
- ca.cert = ${cfg.caCert}
- server.cert = ${cfg.server.cert}
- server.key = ${cfg.server.key}
+ ca.cert = ${cfg.pki.caCert}
+ server.cert = ${cfg.pki.cert}
+ server.key = ${cfg.pki.key}
  ''}
  '';

@@ -91,7 +89,7 @@ let
  certtool = "${pkgs.gnutls}/bin/certtool";
  inherit taskd;
  inherit (cfg) dataDir user group;
- inherit (cfg.server) fqdn;
+ inherit (cfg.pki) fqdn;
  }}" > "$out/main.py"
  cat > "$out/setup.py" <<EOF
  from setuptools import setup
@@ -134,12 +132,6 @@ in {
  description = "Data directory for Taskserver.";
  };

- caCert = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = "Fully qualified path to the CA certificate.";
- };
-
  ciphers = mkOption {
  type = types.nullOr (types.separatedString ":");
  default = null;
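Review bot: `needToCreateCA` in the first hunk is true only when all four PKI options are null, so setting just one of them (for example only `pki.crl`) sends the second hunk down its `else` branch, where `${cfg.pki.caCert}`, `${cfg.pki.cert}` and `${cfg.pki.key}` are interpolated even though they may still be null (`caCert` visibly defaults to null; `key` and `cert` appear to as well). Nix then aborts with a generic "cannot coerce null to a string" error that does not name the missing option. An entry in the module's `assertions` would make the all-or-nothing contract explicit, e.g. `assertion = needToCreateCA || (cfg.pki.key != null && cfg.pki.cert != null && cfg.pki.caCert != null);` with a message listing the three options. The `let` block and the `config` section this belongs to start and end outside the hunks.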
@@ -261,12 +253,13 @@ in {
  '';
  };

- server = {
+ pki = {
  fqdn = mkOption {
  type = types.str;
  default = "localhost";
  description = ''
- The fully qualified domain name of this server.
+ The fully qualified domain name of this server, which is used as the
+ common name in the certificates.
  '';
  };

@@ -276,6 +269,12 @@ in {
  description = "Fully qualified path to the server certificate";
  };

+ caCert = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "Fully qualified path to the CA certificate.";
+ };
+
  crl = mkOption {
  type = types.nullOr types.path;
  default = null;
@@ -346,7 +345,7 @@ in {
  --outfile "${cfg.dataDir}/keys/ca.key"
  ${pkgs.gnutls}/bin/certtool -s \
  --template "${pkgs.writeText "taskserver-ca.template" ''
- cn = ${cfg.server.fqdn}
+ cn = ${cfg.pki.fqdn}
  cert_signing_key
  ca
  ''}" \
@@ -364,7 +363,7 @@ in {

  ${pkgs.gnutls}/bin/certtool -c \
  --template "${pkgs.writeText "taskserver-cert.template" ''
- cn = ${cfg.server.fqdn}
+ cn = ${cfg.pki.fqdn}
  tls_www_server
  encryption_key
  signing_key
|
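Review bot: The new `pki.fqdn` description says the value becomes the certificate common name, but it does not warn that the default is still `"localhost"`. Unless the option is set, the auto-generated certificate will not match the name remote clients connect to. The description should state the consequence, for instance by appending `It must match the host name clients use to reach the server, otherwise certificate host name verification fails.` Leaving this implicit tends to push users toward loosening the client's trust setting instead of fixing the name.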
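Review bot: The `taskserver-ca.template` hunk and the following `taskserver-cert.template` hunk both set `cn = ${cfg.pki.fqdn}`, so the generated CA and the server certificate end up with the same subject name. A leaf certificate whose issuer name equals its own subject is indistinguishable by name from a self-signed one, which may confuse chain building in some TLS stacks and makes the two certificates hard to tell apart in logs. Consider a distinct name in the CA template, e.g. `cn = ${cfg.pki.fqdn} CA`, after checking it against the clients in use. The surrounding certificate-generation script starts and ends outside both hunks.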