ca: install new step-kms-plugin pkg
This commit is contained in:
parent
4a061225eb
commit
f23b34c15f
@ -1,5 +1,7 @@
|
||||
{ config, lib, pkgs, inputs, xinlib, ... }:
|
||||
let cfg = config.services.xinCA;
|
||||
let
|
||||
cfg = config.services.xinCA;
|
||||
stepKmsPlugin = pkgs.callpackage ../pkgs/step-kms-plugin.nix { };
|
||||
in with lib; {
|
||||
options = {
|
||||
services.xinCA = {
|
||||
@ -64,10 +66,15 @@ in with lib; {
|
||||
networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; };
|
||||
|
||||
environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; };
|
||||
environment.systemPackages = with pkgs; [ step-cli opensc libressl ];
|
||||
environment.systemPackages = with pkgs; [
|
||||
step-cli
|
||||
stepKmsPlugin
|
||||
opensc
|
||||
libressl
|
||||
];
|
||||
|
||||
services.step-ca = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
intermediatePasswordFile = "${config.sops.secrets.ca_password.path}";
|
||||
address = "127.0.0.1";
|
||||
port = 443;
|
||||
|
@ -144,7 +144,7 @@ in {
|
||||
};
|
||||
};
|
||||
|
||||
#services.xinCA = { enable = true; };
|
||||
services.xinCA = { enable = true; };
|
||||
|
||||
services = {
|
||||
restic = {
|
||||
|
Loading…
Reference in New Issue
Block a user