torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

fixup! pki: add new vault root ca to pki
Some checks failed
Run nix flake check / flake-check (push) Failing after 13m24s
Details

Browse Source
This commit is contained in:
Torjus Håkestad
2026-02-03 06:06:38 +01:00
parent 162dc77f36
commit 903f44edc3
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
services/vault/default.nix
View File

@@ -99,10 +99,11 @@ let
# ACME certificate directory
CERT_DIR="/var/lib/acme/vault01.home.2rjus.net"
# Issue certificate for vault01
echo "Issuing certificate for vault01.home.2rjus.net..."
# Issue certificate for vault01 with vault as SAN
echo "Issuing certificate for vault01.home.2rjus.net (with SAN: vault.home.2rjus.net)..."
OUTPUT=$(bao write -format=json pki_int/issue/homelab \
common_name="vault01.home.2rjus.net" \
alt_names="vault.home.2rjus.net" \
ttl="720h")
# Create ACME directory structure
@@ -140,6 +141,9 @@ let
echo ""
echo "Certificate details:"
openssl x509 -in "$CERT_DIR/cert.pem" -noout -subject -issuer -dates
echo ""
echo "Subject Alternative Names:"
openssl x509 -in "$CERT_DIR/cert.pem" -noout -ext subjectAltName
echo ""
echo "Now restart openbao service:"
@@ -195,6 +199,6 @@ in
server = "https://vault01.home.2rjus.net:8200/v1/pki_int/acme/directory";
listenHTTP = ":80";
reloadServices = [ "openbao" ];
# extraDomainNames = [ "vault.home.2rjus.net" ];
extraDomainNames = [ "vault.home.2rjus.net" ];
};
}