nixos/taskserver: Improve doc for PKI options

The improvement here is just that we're adding a big <note/> so
that users of these options are aware that whenever they set one
of them, the certificates and keys are _not_ created automatically.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
aszlig 2016-04-11 12:58:29 +02:00
parent 6df374910f
commit 6395c87d07
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
1 changed files with 30 additions and 33 deletions


@ -17,7 +17,35 @@ let
result = "${key} = ${mkVal val}";
in optionalString (val != null && val != []) result;
needToCreateCA = all isNull (with cfg.pki; [ key cert crl caCert ]);
mkPkiOption = desc: mkOption {
type = types.nullOr types.path;
default = null;
description = desc + ''
<note><para>
Setting this option will prevent automatic CA creation and handling.
</para></note>
'';
};
pkiOptions = {
cert = mkPkiOption ''
Fully qualified path to the server certificate.
'';
caCert = mkPkiOption ''
Fully qualified path to the CA certificate.
'';
crl = mkPkiOption ''
Fully qualified path to the server certificate revocation list.
'';
key = mkPkiOption ''
Fully qualified path to the server key.
'';
};
needToCreateCA = all (c: isNull cfg.pki.${c}) (attrNames pkiOptions);
configFile = pkgs.writeText "taskdrc" ''
# systemd related
@ -274,38 +302,7 @@ in {
'';
};
pki = {
cert = mkOption {
type = types.nullOr types.path;
default = null;
description = "Fully qualified path to the server certificate";
};
caCert = mkOption {
type = types.nullOr types.path;
default = null;
description = "Fully qualified path to the CA certificate.";
};
crl = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Fully qualified path to the server certificate revocation list.
'';
};
key = mkOption {
type = types.nullOr types.path;
default = null;
description = ''
Fully qualified path to the server key.
Note that reloading the <literal>taskserver.service</literal> causes
a configuration file reload before the next request is handled.
'';
};
};
pki = pkiOptions;
};
};
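Review bot: The `<note>` added in `mkPkiOption` says that setting an option prevents automatic CA creation, but `needToCreateCA` becomes false as soon as any one of `key`, `cert`, `crl` or `caCert` is non-null, and nothing visible here checks that the remaining ones are set too. I would spell that out in the note, e.g. `Setting this option will prevent automatic CA creation and handling, so all other PKI options need to be set manually as well.`, or add an assertion along the lines of `assertion = needToCreateCA || all (c: cfg.pki.${c} != null) (attrNames pkiOptions);` if taskd needs all four. The `key` description could also say that the path should be given as a string pointing outside the Nix store, since `types.path` also accepts a path literal, which would presumably be copied into the world-readable store when interpolated; how `mkVal` renders the value is not visible in this hunk. The rewritten `key` description also drops the old sentence about reloading `taskserver.service`, which the commit message does not mention. The `let` block and the option set both continue outside the hunks shown.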