diff --git a/nixos/modules/services/misc/taskserver/default.nix b/nixos/modules/services/misc/taskserver/default.nix index b0e05340e3b..e2a2b896ec6 100644 --- a/nixos/modules/services/misc/taskserver/default.nix +++ b/nixos/modules/services/misc/taskserver/default.nix @@ -397,6 +397,19 @@ in { "${cfg.dataDir}/keys/server.cert" fi + if [ ! -e "${cfg.dataDir}/keys/server.crl" ]; then + ${pkgs.gnutls}/bin/certtool --generate-crl \ + --template "${pkgs.writeText "taskserver-crl.template" '' + expiration_days = 3650 + ''}" \ + --load-ca-privkey "${cfg.dataDir}/keys/ca.key" \ + --load-ca-certificate "${cfg.dataDir}/keys/ca.cert" \ + --outfile "${cfg.dataDir}/keys/server.crl" + + chgrp "${cfg.group}" "${cfg.dataDir}/keys/server.crl" + chmod g+r "${cfg.dataDir}/keys/server.crl" + fi + chmod go+x "${cfg.dataDir}/keys" ''; };