From 225943c8a5d60fb330d1ec977610f77777952f04 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Tue, 3 Feb 2026 04:56:22 +0100 Subject: [PATCH] pki: add new vault root ca to pki --- system/default.nix | 2 +- system/{ => pki}/root-ca.crt | 0 system/{ => pki}/root-ca.nix | 1 + system/pki/vault-root-ca.crt | 14 ++++++++++++++ 4 files changed, 16 insertions(+), 1 deletion(-) rename system/{ => pki}/root-ca.crt (100%) rename system/{ => pki}/root-ca.nix (84%) create mode 100644 system/pki/vault-root-ca.crt diff --git a/system/default.nix b/system/default.nix index 7957c30..3c59c8c 100644 --- a/system/default.nix +++ b/system/default.nix @@ -7,7 +7,7 @@ ./packages.nix ./nix.nix ./root-user.nix - ./root-ca.nix + ./pki/root-ca.nix ./sops.nix ./sshd.nix ./vault-secrets.nix diff --git a/system/root-ca.crt b/system/pki/root-ca.crt similarity index 100% rename from system/root-ca.crt rename to system/pki/root-ca.crt diff --git a/system/root-ca.nix b/system/pki/root-ca.nix similarity index 84% rename from system/root-ca.nix rename to system/pki/root-ca.nix index 5e5ff78..29e5330 100644 --- a/system/root-ca.nix +++ b/system/pki/root-ca.nix @@ -4,6 +4,7 @@ certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ./root-ca.crt + ./root-ca-vault.crt ]; }; } diff --git a/system/pki/vault-root-ca.crt b/system/pki/vault-root-ca.crt new file mode 100644 index 0000000..c45d391 --- /dev/null +++ b/system/pki/vault-root-ca.crt @@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICIjCCAaigAwIBAgIUQ/Bd/4kNvkPjQjgGLUMynIVzGeAwCgYIKoZIzj0EAwMw +QDELMAkGA1UEBhMCTk8xEDAOBgNVBAoTB0hvbWVsYWIxHzAdBgNVBAMTFmhvbWUu +MnJqdXMubmV0IFJvb3QgQ0EwHhcNMjYwMjAxMjIxODA5WhcNMzYwMTMwMjIxODM5 +WjBAMQswCQYDVQQGEwJOTzEQMA4GA1UEChMHSG9tZWxhYjEfMB0GA1UEAxMWaG9t +ZS4ycmp1cy5uZXQgUm9vdCBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABH8xhIOl +Nd1Yb1OFhgIJQZM+OkwoFenOQiKfuQ4oPMxaF+fnXdKc77qPDVRjeDy61oGS38X3 +CjPOZAzS9kjo7FmVbzdqlYK7ut/OylF+8MJkCT8mFO1xvuzIXhufnyAD4aNjMGEw +DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFEimBeAg +3JVeF4BqdC9hMZ8MYKw2MB8GA1UdIwQYMBaAFEimBeAg3JVeF4BqdC9hMZ8MYKw2 +MAoGCCqGSM49BAMDA2gAMGUCMQCvhRElHBra/XyT93SKcG6ZzIG+K+DH3J5jm6Xr +zaGj2VtdhBRVmEKaUcjU7htgSxcCMA9qHKYFcUH72W7By763M6sy8OOiGQNDSERY +VgnNv9rLCvCef1C8G2bYh/sKGZTPGQ== +-----END CERTIFICATE----- \ No newline at end of file