# NixOS module fragment: declares the sops-nix secrets used by the step-ca
# certificate authority. Each entry names an encrypted file in the repository
# and the location under /var/lib/step-ca/secrets where the decrypted
# material is exposed on the host.
#
# NOTE(review): no owner/group/mode is set here, so the sops-nix defaults
# apply (root-owned, mode 0400). If step-ca is enabled and runs as a dedicated
# unprivileged user, grant access with `owner` on exactly the entries the
# daemon needs rather than widening `mode`.
{ pkgs, unstable, ... }:

let
  # Directory that receives every CA secret declared below.
  secretsDir = "/var/lib/step-ca/secrets";

  # Private keys are stored as whole sops-encrypted files ("binary" format)
  # instead of as keys inside a YAML document.
  binaryKey = name: sopsFile: {
    inherit sopsFile;
    format = "binary";
    path = "${secretsDir}/${name}";
  };
in
{
  sops.secrets = {
    # Password protecting the CA key material, read from the shared YAML file.
    ca_root_pw = {
      sopsFile = ../../secrets/ca/secrets.yaml;
      path = "${secretsDir}/ca_root_pw";
    };

    # X.509 signing key used for day-to-day issuance.
    intermediate_ca_key =
      binaryKey "intermediate_ca_key" ../../secrets/ca/keys/intermediate_ca_key;

    # NOTE(review): this places the root CA private key on the same host as
    # the intermediate. An online step-ca normally signs with the intermediate
    # only; confirm the root key has to be provisioned here at all, since its
    # exposure cannot be remedied by re-issuing an intermediate.
    root_ca_key =
      binaryKey "root_ca_key" ../../secrets/ca/keys/root_ca_key;

    # SSH certificate authority keys (host and user certificates).
    ssh_host_ca_key =
      binaryKey "ssh_host_ca_key" ../../secrets/ca/keys/ssh_host_ca_key;
    ssh_user_ca_key =
      binaryKey "ssh_user_ca_key" ../../secrets/ca/keys/ssh_user_ca_key;
  };

  # The service itself is currently disabled.
  # NOTE(review): builtins.fromJSON expects a JSON string, not a path, so the
  # settings line would need builtins.readFile ./ca.json when re-enabled.
  #services.step-ca = {
  #  enable = true;
  #  package = unstable.step-ca;
  #  settings = builtins.fromJSON ./ca.json;
  #};
}