qbit/xin
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

ca: install new step-kms-plugin pkg

Browse Source
This commit is contained in:
Aaron Bieber 2023-03-06 18:07:02 -07:00
parent 4a061225eb
commit f23b34c15f
No known key found for this signature in database
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
configs/ca.nix
View File

@ -1,5 +1,7 @@
{ config, lib, pkgs, inputs, xinlib, ... }:
let cfg = config.services.xinCA;
let
cfg = config.services.xinCA;
stepKmsPlugin = pkgs.callpackage ../pkgs/step-kms-plugin.nix { };
in with lib; {
options = {
services.xinCA = {
@ -64,10 +66,15 @@ in with lib; {
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
environment.systemPackages = with pkgs; [ step-cli opensc libressl ];
environment.systemPackages = with pkgs; [
step-cli
stepKmsPlugin
opensc
libressl
];
services.step-ca = {
enable = true;
enable = false;
intermediatePasswordFile = "${config.sops.secrets.ca_password.path}";
address = "127.0.0.1";
port = 443;

2
hosts/europa/default.nix
View File

@ -144,7 +144,7 @@ in {
};
};
#services.xinCA = { enable = true; };
services.xinCA = { enable = true; };
services = {
restic = {