diff options
author | aszlig <aszlig@redmoonstudios.org> | 2016-04-11 12:47:39 +0200 |
---|---|---|
committer | aszlig <aszlig@redmoonstudios.org> | 2016-04-11 12:47:39 +0200 |
commit | 6df374910f64cd66b3d55652a4c2368c418dca50 (patch) | |
tree | dd7b3749195905f9b66ff4d2f380b66d8d7330d0 /nixos/modules/services/misc/taskserver | |
parent | 3affead91bd15345788554bdf1157393488a514e (diff) | |
download | nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.gz nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.bz2 nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.lz nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.xz nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.tar.zst nixlib-6df374910f64cd66b3d55652a4c2368c418dca50.zip |
nixos/taskserver: Move .trust out of .pki
This is clearly a server configuration option and has nothing to do with certificate creation and signing, so let's move it away from the .pki namespace. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/modules/services/misc/taskserver')
-rw-r--r-- | nixos/modules/services/misc/taskserver/default.nix | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index c5c3600c1a61..4dc5027b4bda 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -44,7 +44,7 @@ let ${mkConfLine "server.crl" cfg.pki.crl} # certificates - ${mkConfLine "trust" cfg.pki.trust} + ${mkConfLine "trust" cfg.trust} ${if needToCreateCA then '' ca.cert = ${cfg.dataDir}/keys/ca.cert server.cert = ${cfg.dataDir}/keys/server.cert @@ -261,6 +261,19 @@ in { ''; }; + trust = mkOption { + type = types.enum [ "allow all" "strict" ]; + default = "strict"; + description = '' + Determines how client certificates are validated. + + The value <literal>allow all</literal> performs no client + certificate validation. This is not recommended. The value + <literal>strict</literal> causes the client certificate to be + validated against a CA. + ''; + }; + pki = { cert = mkOption { type = types.nullOr types.path; @@ -292,19 +305,6 @@ in { a configuration file reload before the next request is handled. ''; }; - - trust = mkOption { - type = types.enum [ "allow all" "strict" ]; - default = "strict"; - description = '' - Determines how client certificates are validated. - - The value <literal>allow all</literal> performs no client - certificate validation. This is not recommended. The value - <literal>strict</literal> causes the client certificate to be - validated against a CA. - ''; - }; }; }; }; |