From b19fdc9ec914ac176a9332feb59a7ca83ae0e3f5 Mon Sep 17 00:00:00 2001
From: aszlig <aszlig@redmoonstudios.org>
Date: Mon, 11 Apr 2016 13:38:33 +0200
Subject: [PATCH] nixos/taskserver: Set server.crl for automatic CA

Currently, we don't handle this yet, but let's set it so that we cover
all the options.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
---
 nixos/modules/services/misc/taskserver/default.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix
index 7e6e3d3873d..c81cd20b263 100644
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@@ -80,18 +80,19 @@ let
 
     # server
     server = ${cfg.listenHost}:${toString cfg.listenPort}
-    ${mkConfLine "server.crl" cfg.pki.server.crl}
-
-    # certificates
     ${mkConfLine "trust" cfg.trust}
+
+    # PKI options
     ${if needToCreateCA then ''
       ca.cert = ${cfg.dataDir}/keys/ca.cert
       server.cert = ${cfg.dataDir}/keys/server.cert
       server.key = ${cfg.dataDir}/keys/server.key
+      server.crl = ${cfg.dataDir}/keys/server.crl
     '' else ''
       ca.cert = ${cfg.pki.ca.cert}
       server.cert = ${cfg.pki.server.cert}
       server.key = ${cfg.pki.server.key}
+      server.crl = ${cfg.pki.server.crl}
     ''}
   '';