Loading nixos/tests/certmgr.nix +29 −1 Original line number Diff line number Diff line { runTest, pkgs, ... }: let authKey = pkgs.writeText "auth-key" "1234ABCD"; cfsslConfig = pkgs.writeText "config.json" ( builtins.toJSON { # also see `cfssl print-defaults config` auth_keys = { my_key = { type = "standard"; key = "file:${authKey}"; }; }; signing = { default = { expiry = "168h"; auth_key = "my_key"; usages = [ "digital signature" ]; }; }; } ); mkSpec = { host, Loading @@ -18,6 +39,7 @@ let label = "www_ca"; profile = "three-month"; remote = "localhost:8888"; auth_key_file = toString authKey; }; certificate = { group = "nginx"; Loading Loading @@ -75,7 +97,10 @@ let ]; networking.extraHosts = "127.0.0.1 imp.example.org decl.example.org"; services.cfssl.enable = true; services.cfssl = { enable = true; configFile = toString cfsslConfig; }; systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" Loading @@ -90,6 +115,9 @@ let User = "cfssl"; Type = "oneshot"; WorkingDirectory = config.services.cfssl.dataDir; # matches systemd.services.cfssl to run setup transparently StateDirectory = baseNameOf config.services.cfssl.dataDir; StateDirectoryMode = 700; }; script = '' ${pkgs.cfssl}/bin/cfssl genkey -initca ${ Loading Loading
nixos/tests/certmgr.nix +29 −1 Original line number Diff line number Diff line { runTest, pkgs, ... }: let authKey = pkgs.writeText "auth-key" "1234ABCD"; cfsslConfig = pkgs.writeText "config.json" ( builtins.toJSON { # also see `cfssl print-defaults config` auth_keys = { my_key = { type = "standard"; key = "file:${authKey}"; }; }; signing = { default = { expiry = "168h"; auth_key = "my_key"; usages = [ "digital signature" ]; }; }; } ); mkSpec = { host, Loading @@ -18,6 +39,7 @@ let label = "www_ca"; profile = "three-month"; remote = "localhost:8888"; auth_key_file = toString authKey; }; certificate = { group = "nginx"; Loading Loading @@ -75,7 +97,10 @@ let ]; networking.extraHosts = "127.0.0.1 imp.example.org decl.example.org"; services.cfssl.enable = true; services.cfssl = { enable = true; configFile = toString cfsslConfig; }; systemd.services.cfssl.after = [ "cfssl-init.service" "networking.target" Loading @@ -90,6 +115,9 @@ let User = "cfssl"; Type = "oneshot"; WorkingDirectory = config.services.cfssl.dataDir; # matches systemd.services.cfssl to run setup transparently StateDirectory = baseNameOf config.services.cfssl.dataDir; StateDirectoryMode = 700; }; script = '' ${pkgs.cfssl}/bin/cfssl genkey -initca ${ Loading
