2024-08-01 19:16:06 +01:00
|
|
|
{ config, pkgs, lib, ... }:
|
|
|
|
|
|
|
|
|
|
let
|
|
|
|
|
cfg = config.custom.ca.service;
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options.custom.ca.service = {
|
|
|
|
|
enable = lib.mkEnableOption "ca.service";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
config = lib.mkIf cfg.enable {
|
2024-09-23 20:30:35 +01:00
|
|
|
users.users.step-ca.uid = config.ids.uids.step-ca;
|
|
|
|
|
users.groups.step-ca.gid = config.ids.gids.step-ca;
|
|
|
|
|
|
2024-08-01 19:16:06 +01:00
|
|
|
services.step-ca = {
|
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
|
|
address = config.custom.dns.tailscale.ipv4;
|
|
|
|
|
port = 8443;
|
|
|
|
|
|
|
|
|
|
intermediatePasswordFile = "/data/system/ca/intermediate.psk";
|
|
|
|
|
|
|
|
|
|
settings = {
|
|
|
|
|
root = ./cert.pem;
|
|
|
|
|
crt = "/data/system/ca/intermediate.crt";
|
|
|
|
|
key = "/data/system/ca/intermediate.pem";
|
|
|
|
|
|
|
|
|
|
dnsNames = [ "ca.ts.hillion.co.uk" ];
|
|
|
|
|
|
|
|
|
|
logger = { format = "text"; };
|
|
|
|
|
|
|
|
|
|
db = {
|
|
|
|
|
type = "badgerv2";
|
|
|
|
|
dataSource = "/var/lib/step-ca/db";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
authority = {
|
|
|
|
|
provisioners = [
|
|
|
|
|
{
|
|
|
|
|
type = "ACME";
|
|
|
|
|
name = "acme";
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
