public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/taskserver: Rename .server options to .pki

Browse Source 
After moving out the PKI-unrelated options, let's name this a bit more
appropriate, so we can finally get rid of the taskserver.server thing.

This also moves taskserver.caCert to taskserver.pki.caCert, because that
clearly belongs to the PKI options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
This commit is contained in:
aszlig 2016-04-11 12:38:16 +02:00
parent d6bd457d1f
commit 6de94e7d24
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
2 changed files with 19 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
nixos/modules/services/misc/taskserver/default.nix
View File

@ -17,9 +17,7 @@ let
result = "${key} = ${mkVal val}"; result = "${key} = ${mkVal val}";
in optionalString (val != null && val != []) result; in optionalString (val != null && val != []) result;
needToCreateCA = all isNull (with cfg; [ needToCreateCA = all isNull (with cfg.pki; [ key cert crl caCert ]);
server.key server.cert server.crl caCert
]);
configFile = pkgs.writeText "taskdrc" '' configFile = pkgs.writeText "taskdrc" ''
# systemd related # systemd related
@ -43,18 +41,18 @@ let
# server # server
server = ${cfg.listenHost}:${toString cfg.listenPort} server = ${cfg.listenHost}:${toString cfg.listenPort}
${mkConfLine "server.crl" cfg.server.crl} ${mkConfLine "server.crl" cfg.pki.crl}
# certificates # certificates
${mkConfLine "trust" cfg.server.trust} ${mkConfLine "trust" cfg.pki.trust}
${if needToCreateCA then '' ${if needToCreateCA then ''
ca.cert = ${cfg.dataDir}/keys/ca.cert ca.cert = ${cfg.dataDir}/keys/ca.cert
server.cert = ${cfg.dataDir}/keys/server.cert server.cert = ${cfg.dataDir}/keys/server.cert
server.key = ${cfg.dataDir}/keys/server.key server.key = ${cfg.dataDir}/keys/server.key
'' else '' '' else ''
ca.cert = ${cfg.caCert} ca.cert = ${cfg.pki.caCert}
server.cert = ${cfg.server.cert} server.cert = ${cfg.pki.cert}
server.key = ${cfg.server.key} server.key = ${cfg.pki.key}
''} ''}
''; '';
@ -91,7 +89,7 @@ let
certtool = "${pkgs.gnutls}/bin/certtool"; certtool = "${pkgs.gnutls}/bin/certtool";
inherit taskd; inherit taskd;
inherit (cfg) dataDir user group; inherit (cfg) dataDir user group;
inherit (cfg.server) fqdn; inherit (cfg.pki) fqdn;
}}" > "$out/main.py" }}" > "$out/main.py"
cat > "$out/setup.py" <<EOF cat > "$out/setup.py" <<EOF
from setuptools import setup from setuptools import setup
@ -134,12 +132,6 @@ in {
description = "Data directory for Taskserver."; description = "Data directory for Taskserver.";
}; };
caCert = mkOption {
type = types.nullOr types.path;
default = null;
description = "Fully qualified path to the CA certificate.";
};
ciphers = mkOption { ciphers = mkOption {
type = types.nullOr (types.separatedString ":"); type = types.nullOr (types.separatedString ":");
default = null; default = null;
@ -261,12 +253,13 @@ in {
''; '';
}; };
server = { pki = {
fqdn = mkOption { fqdn = mkOption {
type = types.str; type = types.str;
default = "localhost"; default = "localhost";
description = '' description = ''
The fully qualified domain name of this server. The fully qualified domain name of this server, which is used as the
common name in the certificates.
''; '';
}; };
@ -276,6 +269,12 @@ in {
description = "Fully qualified path to the server certificate"; description = "Fully qualified path to the server certificate";
}; };
caCert = mkOption {
type = types.nullOr types.path;
default = null;
description = "Fully qualified path to the CA certificate.";
};
crl = mkOption { crl = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
@ -346,7 +345,7 @@ in {
--outfile "${cfg.dataDir}/keys/ca.key" --outfile "${cfg.dataDir}/keys/ca.key"
${pkgs.gnutls}/bin/certtool -s \ ${pkgs.gnutls}/bin/certtool -s \
--template "${pkgs.writeText "taskserver-ca.template" '' --template "${pkgs.writeText "taskserver-ca.template" ''
cn = ${cfg.server.fqdn} cn = ${cfg.pki.fqdn}
cert_signing_key cert_signing_key
ca ca
''}" \ ''}" \
@ -364,7 +363,7 @@ in {
${pkgs.gnutls}/bin/certtool -c \ ${pkgs.gnutls}/bin/certtool -c \
--template "${pkgs.writeText "taskserver-cert.template" '' --template "${pkgs.writeText "taskserver-cert.template" ''
cn = ${cfg.server.fqdn} cn = ${cfg.pki.fqdn}
tls_www_server tls_www_server
encryption_key encryption_key
signing_key signing_key

2
nixos/tests/taskserver.nix
View File

@ -6,7 +6,7 @@ import ./make-test.nix {
networking.firewall.enable = false; networking.firewall.enable = false;
services.taskserver.enable = true; services.taskserver.enable = true;
services.taskserver.listenHost = "::"; services.taskserver.listenHost = "::";
services.taskserver.server.fqdn = "server"; services.taskserver.pki.fqdn = "server";
services.taskserver.organisations = { services.taskserver.organisations = {
testOrganisation.users = [ "alice" "foo" ]; testOrganisation.users = [ "alice" "foo" ];
anotherOrganisation.users = [ "bob" ]; anotherOrganisation.users = [ "bob" ];