nixos/taskserver: Improve doc for PKI options

The improvement here is just that we're adding a big <note/> here so that users of these options are aware that whenever they're setting one of these the certificates and keys are _not_ created automatically. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-11 12:58:29 +02:00 · 2016-04-11 12:58:29 +02:00 · 6395c87d07
commit 6395c87d07
parent 6df374910f
1 changed files with 30 additions and 33 deletions
--- a/nixos/modules/services/misc/taskserver/default.nix
+++ b/nixos/modules/services/misc/taskserver/default.nix
@ -17,7 +17,35 @@ let
    result = "${key} = ${mkVal val}";
  in optionalString (val != null && val != []) result;

-  needToCreateCA = all isNull (with cfg.pki; [ key cert crl caCert ]);
+  mkPkiOption = desc: mkOption {
+    type = types.nullOr types.path;
+    default = null;
+    description = desc + ''
+      <note><para>
+      Setting this option will prevent automatic CA creation and handling.
+      </para></note>
+    '';
+  };
+
+  pkiOptions = {
+    cert = mkPkiOption ''
+      Fully qualified path to the server certificate.
+    '';
+
+    caCert = mkPkiOption ''
+      Fully qualified path to the CA certificate.
+    '';
+
+    crl = mkPkiOption ''
+      Fully qualified path to the server certificate revocation list.
+    '';
+
+    key = mkPkiOption ''
+      Fully qualified path to the server key.
+    '';
+  };
+
+  needToCreateCA = all (c: isNull cfg.pki.${c}) (attrNames pkiOptions);

  configFile = pkgs.writeText "taskdrc" ''
    # systemd related
@ -274,38 +302,7 @@ in {
        '';
      };

-      pki = {
-        cert = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = "Fully qualified path to the server certificate";
-        };
-
-        caCert = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = "Fully qualified path to the CA certificate.";
-        };
-
-        crl = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = ''
-            Fully qualified path to the server certificate revocation list.
-          '';
-        };
-
-        key = mkOption {
-          type = types.nullOr types.path;
-          default = null;
-          description = ''
-            Fully qualified path to the server key.
-
-            Note that reloading the <literal>taskserver.service</literal> causes
-            a configuration file reload before the next request is handled.
-          '';
-        };
-      };
+      pki = pkiOptions;
    };
  };