From 812b065cec76f1cffca452f362a53c82e900fd24 Mon Sep 17 00:00:00 2001 From: shimun Date: Thu, 1 Dec 2022 10:38:05 +0000 Subject: [PATCH 1/6] fix: module --- flake.nix | 53 +++++------------------------------- modules/home-manager.nix | 2 ++ modules/nixos.nix | 58 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 66 insertions(+), 47 deletions(-) create mode 100644 modules/home-manager.nix create mode 100644 modules/nixos.nix diff --git a/flake.nix b/flake.nix index 74d2683..062a330 100644 --- a/flake.nix +++ b/flake.nix @@ -99,53 +99,12 @@ }; }; - nixosModules.default = { config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; in { - options.services.ssh-cert-dist = { - enable = mkEnableOption "ssh-cert-dist"; - host = mkOption { - type = types.str; - default = "127.0.0.1"; - }; - port = mkOption { - type = types.port; - default = 6877; - }; - package = mkOption { - type = types.package; - default = pkgs.ssh-cert-dist; - }; - dataDir = mkOption { - type = types.path; - default = "/var/lib/ssh-cert-dist"; - }; - user = mkOption { - type = types.str; - default = "cert-dist"; - }; - group = mkOption { - type = types.str; - default = "cert-dist"; - }; - }; - config = mkIf { - users = { - users.${cfg.user} = { - isSystemUser = true; - group = cfg.group; - }; - groups.${cfg.group} = { }; - - }; - systemd.services.ssh-cert-dist = { - preStart = '' - chown ${cfg.user}:${cfg.group} ${cfg.dataDir} - ''; - serviceConfig.User = cfg.user; - serviceConfig.ExecStart = "${cfg.package}/bin/ssh-cert-dist server --address ${cfg.host}:${toString cfg.port} -c ${cfg.dataDir} --ca ${cfg.ca}"; - }; - }; - }; - homeManagerModules.default = { config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; in { }; + nixosModules.default = { + imports = [ ./modules/nixos.nix ]; + }; + homeManagerModules.default = { + imports = [ ./modules/home-manager.nix ]; + }; }; 
diff --git a/modules/home-manager.nix b/modules/home-manager.nix new file mode 100644 index 0000000..40de4a2 --- /dev/null +++ b/modules/home-manager.nix @@ -0,0 +1,2 @@ +{ config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; in { } + diff --git a/modules/nixos.nix b/modules/nixos.nix new file mode 100644 index 0000000..e45e8e0 --- /dev/null +++ b/modules/nixos.nix @@ -0,0 +1,58 @@ +{ config, pkgs, lib, ... }: with lib; let + cfg = config.services.ssh-cert-dist; + ca = if builtins.isPath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca; +in +{ + options.services.ssh-cert-dist = { + enable = mkEnableOption "ssh-cert-dist"; + host = mkOption { + type = types.str; + default = "127.0.0.1"; + }; + port = mkOption { + type = types.port; + default = 6877; + }; + package = mkOption { + type = types.package; + default = pkgs.ssh-cert-dist; + }; + ca = mkOption { + type = with types; either str path; + }; + dataDir = mkOption { + type = types.path; + default = "/var/lib/ssh-cert-dist"; + }; + user = mkOption { + type = types.str; + default = "cert-dist"; + }; + group = mkOption { + type = types.str; + default = "cert-dist"; + }; + }; + config = mkIf cfg.enable { + users = { + users.${cfg.user} = { + isSystemUser = true; + group = cfg.group; + }; + groups.${cfg.group} = { }; + + }; + systemd.services.ssh-cert-dist = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStartPre = "+${pkgs.writeShellScript "pre-start" '' + mkdir -p ${cfg.dataDir} + chown ${cfg.user}:${cfg.group} ${cfg.dataDir} + ''}"; + User = cfg.user; + ExecStart = "${cfg.package}/bin/ssh-cert-dist server --address ${cfg.host}:${toString cfg.port} -c ${cfg.dataDir} --ca ${ca}"; + }; + }; + }; +} + From c88c0f9542fd66050088409e13b2799ee9ed997b Mon Sep 17 00:00:00 2001 From: shimun Date: Thu, 1 Dec 2022 13:21:16 +0000 Subject: [PATCH 2/6] fix: isPath --- modules/nixos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
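Review bot: The `systemd.services.ssh-cert-dist` unit at the end of the new module runs a network-facing daemon with no sandboxing — `serviceConfig` sets only `User`, `ExecStartPre` and `ExecStart`, so a compromised server process keeps the full filesystem view and can still gain privileges through setuid binaries. Because the `+`-prefixed `ExecStartPre` is exempt from these restrictions, the usual hardening keys can be added without breaking the root mkdir/chown step; the binary's write needs are not visible here, so `ReadWritePaths` on `cfg.dataDir` is the conservative choice until confirmed. Separately, the `ca` option has no `description`, and a string value lands in the world-readable Nix store via `pkgs.writeText`; that is only acceptable because `read_certs(ca: &PublicKey, …)` in the later hunks shows this is the CA *public* key, so state it: `description = "OpenSSH CA public key, as key text or a path; it is copied into the Nix store, so never pass a private key.";`.
```nix
serviceConfig = {
  # … unchanged: ExecStartPre, User, ExecStart …
  Group = cfg.group;
  # Sandbox: the daemon needs only the CA file (Nix store) and cfg.dataDir.
  NoNewPrivileges = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  PrivateTmp = true;
  PrivateDevices = true;
  ReadWritePaths = [ cfg.dataDir ];
};
```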
diff --git a/modules/nixos.nix b/modules/nixos.nix index e45e8e0..ad76729 100644 --- a/modules/nixos.nix +++ b/modules/nixos.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; - ca = if builtins.isPath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca; + ca = if isStorePath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca; in { options.services.ssh-cert-dist = { From a29ed8c1c83126acfe34c4ab731fb0a8fc511c17 Mon Sep 17 00:00:00 2001 From: shimun Date: Thu, 1 Dec 2022 13:56:50 +0000 Subject: [PATCH 3/6] fix: log path --- src/certs.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/certs.rs b/src/certs.rs index 9084963..6719e29 100644 --- a/src/certs.rs +++ b/src/certs.rs @@ -15,7 +15,7 @@ pub async fn read_certs( pub async fn read_dir(path: impl AsRef + Debug) -> anyhow::Result> { let mut dir = fs::read_dir(path.as_ref()) .await - .context("read certs dir")?; + .with_context(|| format!("read certs dir '{:?}'", path.as_ref()))?; let mut certs = Vec::new(); while let Some(entry) = dir.next_entry().await? { //TODO: investigate why path().ends_with doesn't work From 38e7895b71f969592bc77f329f027fef7aa76e60 Mon Sep 17 00:00:00 2001 From: shimun Date: Thu, 1 Dec 2022 13:58:56 +0000 Subject: [PATCH 4/6] fix: return empty vec --- src/certs.rs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/certs.rs b/src/certs.rs index 6719e29..063f40c 100644 --- a/src/certs.rs +++ b/src/certs.rs @@ -8,6 +8,9 @@ pub async fn read_certs( ca: &PublicKey, path: impl AsRef, ) -> anyhow::Result> { + if !path.as_ref().exists() { + return Ok(Vec::new()); + } read_dir(path.as_ref().join(ca_dir(ca))).await } From c468006904a483ed418bb77ee58313dd0bf7b71f Mon Sep 17 00:00:00 2001 From: shimun Date: Thu, 1 Dec 2022 14:01:01 +0000 Subject: [PATCH 5/6] fix: construct path first --- src/certs.rs | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
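Review bot: Replacing `builtins.isPath` with `isStorePath` on the `ca` line changes what reaches the `else` branch: a non-store path such as `./ca.pub` or an absolute string such as `"/etc/ssh/ca.pub"` is no longer treated as a file but handed to `pkgs.writeText`, which coerces the value to a string, so the generated CA file contains a path string instead of the key. Since the Rust side parses this as a `PublicKey`, the server presumably fails at startup or lookup rather than trusting a wrong CA, but it is a silent misconfiguration trap for an option typed `either str path`; the switch was presumably made so that a store-path *string* like `"${./ca.pub}"` is accepted, which the old check missed. Keep both checks, `ca = if builtins.isPath cfg.ca || isStorePath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca;`, or better split into `caFile` (path, used as-is) and `ca` (key text) so the intent is explicit. The `ca` option's definition is outside this hunk.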
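Review bot: The new `with_context` message formats `path.as_ref()` with `{:?}`, and `Path`'s `Debug` output already wraps the value in double quotes (and escapes non-ASCII bytes), so the error reads `read certs dir '"/var/lib/…"'` with doubled quoting. Use `Display` instead: `.with_context(|| format!("read certs dir '{}'", path.as_ref().display()))?;`. `read_dir`'s body continues past the end of the hunk.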
diff --git a/src/certs.rs b/src/certs.rs index 063f40c..d5d9e1d 100644 --- a/src/certs.rs +++ b/src/certs.rs @@ -8,10 +8,11 @@ pub async fn read_certs( ca: &PublicKey, path: impl AsRef, ) -> anyhow::Result> { - if !path.as_ref().exists() { + let ca_dir = path.as_ref().join(ca_dir(ca)); + if !ca_dir.exists() { return Ok(Vec::new()); } - read_dir(path.as_ref().join(ca_dir(ca))).await + read_dir(&ca_dir).await } #[instrument] From b9d47f2c4985fb385e7147554e2328b0990d8af3 Mon Sep 17 00:00:00 2001 From: shimun Date: Thu, 1 Dec 2022 14:08:40 +0000 Subject: [PATCH 6/6] added: debug --- modules/nixos.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos.nix b/modules/nixos.nix index ad76729..df1267d 100644 --- a/modules/nixos.nix +++ b/modules/nixos.nix @@ -44,6 +44,7 @@ in }; systemd.services.ssh-cert-dist = { wantedBy = [ "multi-user.target" ]; + environment.RUST_LOG = "debug"; serviceConfig = { ExecStartPre = "+${pkgs.writeShellScript "pre-start" '' mkdir -p ${cfg.dataDir}
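Review bot: `ca_dir.exists()` returns `false` not only when the directory is missing but whenever `metadata()` fails for any reason — for example EACCES on `cfg.dataDir` or a parent — so a permission problem on the certificate store is reported to the caller as "no certificates" instead of an error, and the check is a blocking `std` call inside an `async fn`. Ask the filesystem once through the async `fs` (assumed to be `tokio::fs`, as the `.await` on `read_dir` suggests) and treat only `NotFound` as the empty case, propagating everything else. `read_certs`'s signature begins before the hunk and `read_dir` is defined after it.
```rust
    let ca_dir = path.as_ref().join(ca_dir(ca));
    // Only a missing CA directory means "no certificates"; any other error
    // (permissions, I/O) must surface instead of being masked by exists().
    match fs::metadata(&ca_dir).await {
        Ok(_) => {}
        Err(e) if e.kind() == std::io::ErrorKind::NotFound => return Ok(Vec::new()),
        Err(e) => return Err(e).with_context(|| format!("stat certs dir '{}'", ca_dir.display())),
    }
    read_dir(&ca_dir).await
```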
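Review bot: `environment.RUST_LOG = "debug"` hard-codes debug-level logging for every deployment of the module with no way for a user to lower it, and the debug output of a certificate-distribution server can plausibly include per-request details that do not belong in a production journal. Make it an option with a production default, e.g. `logLevel = mkOption { type = types.str; default = "info"; description = "RUST_LOG filter for the service."; };` alongside the other options, and set `environment.RUST_LOG = cfg.logLevel;` here. The options block and the rest of the unit definition are outside this hunk.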