2022-09-04 08:04:56 -06:00
|
|
|
{ config, lib, pkgs, ... }:
|
2022-09-06 11:08:12 -06:00
|
|
|
let
|
|
|
|
microcaBin = "${pkgs.microca}/bin/microca";
|
|
|
|
microca = pkgs.writeScriptBin "microca" ''
|
|
|
|
#!/usr/bin/env sh
|
|
|
|
${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
|
|
|
|
'';
|
|
|
|
in with lib; {
|
2022-08-25 12:21:35 -06:00
|
|
|
options = {
|
|
|
|
nixManager = {
|
|
|
|
enable = mkEnableOption "Configure host as nix-conf manager.";
|
|
|
|
user = mkOption {
|
|
|
|
type = types.str;
|
|
|
|
default = "root";
|
|
|
|
description = ''
|
|
|
|
User who will own the private key.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkIf config.nixManager.enable {
|
|
|
|
sops.defaultSopsFile = config.xin-secrets.manager;
|
|
|
|
sops.secrets = {
|
|
|
|
manager_key = { owner = config.nixManager.user; };
|
|
|
|
manager_pubkey = { owner = config.nixManager.user; };
|
2022-09-06 11:08:12 -06:00
|
|
|
ca_key = { owner = config.nixManager.user; };
|
|
|
|
ca_cert = { owner = config.nixManager.user; };
|
2022-08-25 12:21:35 -06:00
|
|
|
};
|
2022-09-04 08:04:56 -06:00
|
|
|
environment.systemPackages = with pkgs; [ microca ];
|
2022-08-25 12:21:35 -06:00
|
|
|
};
|
|
|
|
}
|