about summary refs log tree commit diff
path: root/nixos/modules/services/misc/taskserver
diff options
context:
space:
mode:
authoraszlig <aszlig@redmoonstudios.org>2016-04-11 12:47:39 +0200
committeraszlig <aszlig@redmoonstudios.org>2016-04-11 12:47:39 +0200
commit6df374910f64cd66b3d55652a4c2368c418dca50 (patch)
treedd7b3749195905f9b66ff4d2f380b66d8d7330d0 /nixos/modules/services/misc/taskserver
parent3affead91bd15345788554bdf1157393488a514e (diff)
downloadnixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar
nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.gz
nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.bz2
nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.lz
nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.xz
nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.zst
nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.zip
nixos/taskserver: Move .trust out of .pki
This is clearly a server configuration option and has nothing to do with
certificate creation and signing, so let's move it away from the .pki
namespace.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/services/misc/taskserver')
-rw-r--r--nixos/modules/services/misc/taskserver/default.nix28
1 files changed, 14 insertions, 14 deletions
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index c5c3600c1a61..4dc5027b4bda 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -44,7 +44,7 @@ let
     ${mkConfLine "server.crl" cfg.pki.crl}
 
     # certificates
-    ${mkConfLine "trust" cfg.pki.trust}
+    ${mkConfLine "trust" cfg.trust}
     ${if needToCreateCA then ''
       ca.cert = ${cfg.dataDir}/keys/ca.cert
       server.cert = ${cfg.dataDir}/keys/server.cert
@@ -261,6 +261,19 @@ in {
         '';
       };
 
+      trust = mkOption {
+        type = types.enum [ "allow all" "strict" ];
+        default = "strict";
+        description = ''
+          Determines how client certificates are validated.
+
+          The value <literal>allow all</literal> performs no client
+          certificate validation. This is not recommended. The value
+          <literal>strict</literal> causes the client certificate to be
+          validated against a CA.
+        '';
+      };
+
       pki = {
         cert = mkOption {
           type = types.nullOr types.path;
@@ -292,19 +305,6 @@ in {
             a configuration file reload before the next request is handled.
           '';
         };
-
-        trust = mkOption {
-          type = types.enum [ "allow all" "strict" ];
-          default = "strict";
-          description = ''
-            Determines how client certificates are validated.
-
-            The value <literal>allow all</literal> performs no client
-            certificate validation. This is not recommended. The value
-            <literal>strict</literal> causes the client certificate to be
-            validated against a CA.
-          '';
-        };
       };
     };
   };
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-08-07 00:11:59 +0000