From 411c6f77a356700bcfe2a0035f8709d750d014f8 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Tue, 5 Apr 2016 16:09:12 +0200
Subject: [PATCH] nixos/taskserver: Add trust option to config file
The server starts up without that option anyway, but it complains about its value not being set. As we probably want to have access to that configuration value anyway, let's expose this via the NixOS module as well.
Signed-off-by: aszlig
---
 nixos/modules/services/misc/taskserver.nix | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
diff --git a/nixos/modules/services/misc/taskserver.nix b/nixos/modules/services/misc/taskserver.nix
index d3ab9c80e07..6d9cfdbfe4c 100644
--- a/nixos/modules/services/misc/taskserver.nix
+++ b/nixos/modules/services/misc/taskserver.nix
@@ -47,6 +47,7 @@ let
 ${mkConfLine "server.crl" cfg.server.crl}
 # certificates
+ ${mkConfLine "trust" cfg.server.trust}
 ${if needToCreateCA then ''
 ca.cert = ${cfg.dataDir}/keys/ca.cert
 server.cert = ${cfg.dataDir}/keys/server.cert
@@ -233,6 +234,19 @@ in {
 a configuration file reload before the next request is handled.
 '';
 };
+
+ trust = mkOption {
+ type = types.enum [ "allow all" "strict" ];
+ default = "strict";
+ description = ''
+ Determines how client certificates are validated.
+
+ The value allow all performs no client
+ certificate validation. This is not recommended. The value
+ strict causes the client certificate to be
+ validated against a CA.
+ '';
+ };
 };
 };
 };
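Review bot: The enum value `allow all` contains a space, and the first hunk passes it through `mkConfLine`, which is defined outside the hunk, so it is not visible here whether the value reaches the config file unchanged. If the line were written in a form the server does not recognise, the trust level actually applied would depend on the server's fallback, so the generated file is worth checking for both enum values. A comment above the new line, for example `# client certificate validation policy ("strict" or "allow all")`, would also make clear that this entry under `# certificates` is a policy switch rather than a certificate path.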
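Review bot: The `description` of the new `trust` option in the second hunk says `allow all` is "not recommended" but does not state the consequence, and nothing in the visible change makes that setting noticeable at build time. I would add a sentence such as `With this value the server accepts client certificates that were not issued by the configured CA.` so the trade-off is explicit in the option docs. It may also be worth emitting a module warning in the `config` section, which lies outside this hunk, along the lines of `warnings = lib.optional (cfg.server.trust == "allow all") "taskserver: client certificates are not validated (trust = \"allow all\")";`. The default of `strict` is the right choice and should stay.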