nixos/taskserver: Move .pki.fqdn to .fqdn

It's not necessarily related to the PKI options, because this is also used for setting the server address on the Taskwarrior client. So if someone doesn't have his/her own certificates from another CA, all options that need to be adjusted are in .pki. And if someone doesn't want to bother with getting certificates from another CA, (s)he just doesn't set anything in .pki. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:42:20 +02:00 · 2016-04-11 12:42:20 +02:00 · 3affead91b
parent 6de94e7d24
commit 3affead91b
2 changed files with 13 additions and 14 deletions
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@ -88,8 +88,7 @@ let
        src = ./helper-tool.py;
        certtool = "${pkgs.gnutls}/bin/certtool";
        inherit taskd;
-        inherit (cfg) dataDir user group;
-        inherit (cfg.pki) fqdn;
+        inherit (cfg) dataDir user group fqdn;
      }}" > "$out/main.py"
      cat > "$out/setup.py" <<EOF
      from setuptools import setup
@ -253,16 +252,16 @@ in {
        '';
      };

-      pki = {
-        fqdn = mkOption {
-          type = types.str;
-          default = "localhost";
-          description = ''
-            The fully qualified domain name of this server, which is used as the
-            common name in the certificates.
-          '';
-        };
+      fqdn = mkOption {
+        type = types.str;
+        default = "localhost";
+        description = ''
+          The fully qualified domain name of this server, which is also used
+          as the common name in the certificates.
+        '';
+      };

+      pki = {
        cert = mkOption {
          type = types.nullOr types.path;
          default = null;
@ -345,7 +344,7 @@ in {
            --outfile "${cfg.dataDir}/keys/ca.key"
          ${pkgs.gnutls}/bin/certtool -s \
            --template "${pkgs.writeText "taskserver-ca.template" ''
-              cn = ${cfg.pki.fqdn}
+              cn = ${cfg.fqdn}
              cert_signing_key
              ca
            ''}" \
@ -363,7 +362,7 @@ in {

          ${pkgs.gnutls}/bin/certtool -c \
            --template "${pkgs.writeText "taskserver-cert.template" ''
-              cn = ${cfg.pki.fqdn}
+              cn = ${cfg.fqdn}
              tls_www_server
              encryption_key
              signing_key
--- a/nixos/tests/taskserver.nix
+++ b/nixos/tests/taskserver.nix
@ -6,7 +6,7 @@ import ./make-test.nix {
      networking.firewall.enable = false;
      services.taskserver.enable = true;
      services.taskserver.listenHost = "::";
-      services.taskserver.pki.fqdn = "server";
+      services.taskserver.fqdn = "server";
      services.taskserver.organisations = {
        testOrganisation.users = [ "alice" "foo" ];
        anotherOrganisation.users = [ "bob" ];