From a4a2d69b8a9c12c722796aea3896da7ca449fb55 Mon Sep 17 00:00:00 2001
From: Aaron Bieber
Date: Tue, 6 Sep 2022 11:08:12 -0600
Subject: [PATCH] manager: add the ability to manages the CA
---
 configs/manager.nix | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/configs/manager.nix b/configs/manager.nix
index ae0b3e3..4f196c1 100644
--- a/configs/manager.nix
+++ b/configs/manager.nix
@@ -1,5 +1,11 @@
 { config, lib, pkgs, ... }:
-with lib; {
+let
+ microcaBin = "${pkgs.microca}/bin/microca";
+ microca = pkgs.writeScriptBin "microca" ''
+ #!/usr/bin/env sh
+ ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@
+ '';
+in with lib; {
 options = {
 nixManager = {
 enable = mkEnableOption "Configure host as nix-conf manager.";
@@ -18,6 +24,8 @@ with lib; {
 sops.secrets = {
 manager_key = { owner = config.nixManager.user; };
 manager_pubkey = { owner = config.nixManager.user; };
+ ca_key = { owner = config.nixManager.user; };
+ ca_cert = { owner = config.nixManager.user; };
 };
 environment.systemPackages = with pkgs; [ microca ];
 };
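Review bot: The generated wrapper forwards its arguments as an unquoted `$@`, so any argument containing whitespace or glob characters is re-split or expanded by the shell before microca sees it; for a CA tool that could mean a certificate is requested for a different name than the one typed. Use `exec ${microcaBin} -ca-key ${config.sops.secrets.ca_key.path} -ca-cert ${config.sops.secrets.ca_cert.path} "$@"`, which also takes the paths from the sops-nix declarations instead of hard-coding /run/secrets. A short comment above the `let` saying that `microca` deliberately shadows `pkgs.microca` in the later `with pkgs; [ microca ]` would help, since a let-bound name takes precedence over `with` and that line is otherwise easy to misread.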
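Review bot: `ca_key` is given the same owner as `manager_key`, so the CA signing key is readable by every process that runs as `config.nixManager.user` for as long as the secret is decrypted on the host. If that is intended, say so in a comment and state the permission explicitly, e.g. `ca_key = { owner = config.nixManager.user; mode = "0400"; };`, rather than relying on the sops-nix default. `ca_cert` holds public material and presumably needs no restriction beyond being readable by the wrapper. The enclosing `config` block starts outside this hunk, so whether these secrets are gated on `nixManager.enable` cannot be seen here.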