nixos/taskserver: Introduce a new fqdn option

Using just the host for the common name *and* for listening on the port
is quite a bad idea if you want to listen on something like :: or an
internal IP address which is proxied/tunneled to the outside.

Hence this separates host and fqdn.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>

nixos/modules/services/misc/taskserver.nix

@@ -198,7 +198,7 @@ in {
           type = types.str;
           default = "localhost";
           description = ''
-            The address (IPv4, IPv6 or DNS) of the Taskserver.
+            The address (IPv4, IPv6 or DNS) to listen on.
           '';
         };
 
@@ -210,6 +210,14 @@ in {
           '';
         };
 
+        fqdn = mkOption {
+          type = types.str;
+          default = "localhost";
+          description = ''
+            The fully qualified domain name of this server.
+          '';
+        };
+
         cert = mkOption {
           type = types.nullOr types.path;
           default = null;
@@ -284,7 +292,7 @@ in {
             --outfile "${cfg.dataDir}/keys/ca.key"
           ${pkgs.gnutls}/bin/certtool -s \
             --template "${pkgs.writeText "taskserver-ca.template" ''
-              cn = ${cfg.server.host}
+              cn = ${cfg.server.fqdn}
               cert_signing_key
               ca
             ''}" \
@@ -302,7 +310,7 @@ in {
 
           ${pkgs.gnutls}/bin/certtool -s \
             --template "${pkgs.writeText "taskserver-cert.template" ''
-              cn = ${cfg.server.host}
+              cn = ${cfg.server.fqdn}
               tls_www_server
               encryption_key
               signing_key