Unverified Commit d72e06b9 authored by Johannes Kirschbauer's avatar Johannes Kirschbauer Committed by GitHub

nixos/step-ca: use `pathWith` for `intermediatePasswordFile` (#382214)

parents 25fb2896 afee6318
+4 −12
@@ -60,7 +60,10 @@ in
        '';
      };
      intermediatePasswordFile = lib.mkOption {
        type = lib.types.path;
        type = lib.types.pathWith {
          inStore = false;
          absolute = true;
        };
        example = "/run/keys/smallstep-password";
        description = ''
          Path to the file containing the password for the intermediate
@@ -86,17 +89,6 @@ in
      );
    in
    {
      assertions = [
        {
          assertion = !lib.isStorePath cfg.intermediatePasswordFile;
          message = ''
            <option>services.step-ca.intermediatePasswordFile</option> points to
            a file in the Nix store. You should use a quoted absolute path to
            prevent this.
          '';
        }
      ];

      systemd.packages = [ cfg.package ];

      # configuration file indirection is needed to support reloading
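Review bot: With the assertion block removed in the second hunk, a store-path value for `intermediatePasswordFile` now fails with the generic option-type error, and the hint about the Nix store and quoted absolute paths is gone; the `description` in the first hunk should carry it. Something like `The path must be a quoted absolute path outside the Nix store, whose contents are world-readable.` would do. The description string continues past the hunk, so it may already say this. The new type presumably also rejects unquoted path literals and files below a store path, which the old `lib.isStorePath` check let through, so a release-notes entry for existing configurations seems worth adding.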
+2 −1
@@ -14,12 +14,13 @@ import ./make-test-python.nix ({ pkgs, ... }:
      {
        caserver =
          { config, pkgs, ... }: {
            environment.etc.password-file.source = "${test-certificates}/intermediate-password-file";
            services.step-ca = {
              enable = true;
              address = "[::]";
              port = 8443;
              openFirewall = true;
              intermediatePasswordFile = "${test-certificates}/intermediate-password-file";
              intermediatePasswordFile = "/etc/${config.environment.etc.password-file.target}";
              settings = {
                dnsNames = [ "caserver" ];
                root = "${test-certificates}/root_ca.crt";
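Review bot: The new `intermediatePasswordFile = "/etc/${config.environment.etc.password-file.target}"` line passes the `inStore = false` check only lexically, because `environment.etc.password-file.source` still points at `${test-certificates}`. The password therefore remains in the Nix store, and `/etc/password-file` is, by default, a symlink to it. That is fine for throwaway test credentials but worth marking so it is not copied into real configurations, e.g. `# test only: /etc/password-file links into the world-readable Nix store; real deployments keep this file outside the store`. It also shows that the type check does not resolve symlinks, which may deserve a sentence in the option's description.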