diff options
| -rw-r--r-- | system/services/taskserver/default.nix | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/system/services/taskserver/default.nix b/system/services/taskserver/default.nix index 33416e6..afbd09c 100644 --- a/system/services/taskserver/default.nix +++ b/system/services/taskserver/default.nix @@ -9,14 +9,23 @@ in { key = "${taskStore}/privkey.pem"; }; }; - pki.auto = { - expiration = { - server = 365; - crl = 365; - client = 365; - ca = 365; + pki = { + auto = { + expiration = { + server = 365; + crl = 365; + client = 365; + ca = 365; + }; + bits = 4096; + }; + manual = { + ca.cert = builtins.toPath "${taskStore}/cert.pem"; + server = { + cert = builtins.toPath "${taskStore}/fullchain.pem"; + key = builtins.toPath "${taskStore}/privkey.pem"; + }; }; - bits = 4096; }; organisations = import ./organisations.nix; trust = "strict"; @@ -34,12 +43,15 @@ in { set -x rm "${taskStore}/key.pem" rm "${taskStore}/fullchain.pem" + rm "${taskStore}/cert.pem" cp key.pem "${taskStore}"; cp fullchain.pem "${taskStore}"; + cp cert.pem "${taskStore}"; chown taskd:taskd "${taskStore}/key.pem" chown taskd:taskd "${taskStore}/fullchain.pem" + chown taskd:taskd "${taskStore}/cert.pem" ''; }; } |