torjus/nixos-servers
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Add secrets to ca
All checks were successful
Run nix flake check / flake-check (push) Successful in 2m20s
Details
Periodic flake update / flake-update (push) Successful in 1m44s
Details

Browse Source
This commit is contained in:
Torjus Håkestad
2024-10-21 12:02:10 +02:00
parent 9db005b1ea
commit 8b5a2825df
8 changed files with 254 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
services/ca/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{ pkgs, unstable, ... }:
{
sops.secrets."ca_root_pw" = {
sopsFile = ../../secrets/ca/secrets.yaml;
path = "/var/lib/step-ca/secrets/ca_root_pw";
};
sops.secrets."intermediate_ca_key" = {
sopsFile = ../../secrets/ca/keys/intermediate_ca_key;
format = "binary";
path = "/var/lib/step-ca/secrets/intermediate_ca_key";
};
sops.secrets."root_ca_key" = {
sopsFile = ../../secrets/ca/keys/root_ca_key;
format = "binary";
path = "/var/lib/step-ca/secrets/root_ca_key";
};
sops.secrets."ssh_host_ca_key" = {
sopsFile = ../../secrets/ca/keys/ssh_host_ca_key;
format = "binary";
path = "/var/lib/step-ca/secrets/ssh_host_ca_key";
};
sops.secrets."ssh_user_ca_key" = {
sopsFile = ../../secrets/ca/keys/ssh_user_ca_key;
format = "binary";
path = "/var/lib/step-ca/secrets/ssh_user_ca_key";
};
#services.step-ca = {
# enable = true;
# package = unstable.step-ca;
# settings = builtins.fromJSON ./ca.json;
#};
}