added: hm module

shimun 2022-12-04 23:29:32 +01:00
parent cdf2f0a5f8
commit 4b8b946640
Signed by: shimun
GPG Key ID: E0420647856EA39E
3 changed files with 90 additions and 10 deletions


@ -1,2 +1,75 @@
{ config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; in { } { config, pkgs, lib, ... }: with lib; let
cfg = config.services.ssh-cert-dist;
directoryModule = { name, ... }: {
options = {
name = mkOption {
type = types.str;
default = last (splitString "/" name);
};
fetch = mkOption {
type = types.bool;
default = true;
};
upload = mkOption {
type = types.bool;
default = false;
};
};
};
in
{
options.services.ssh-cert-dist = {
enable = mkEnableOption "ssh-cert-dist";
endpoint = mkOption {
type = types.str;
description = "API endpoint url";
};
package = mkOption {
type = types.package;
default = pkgs.ssh-cert-dist;
};
directories = mkOption {
type = with types; attrsOf (submodule directoryModule);
default = { };
};
};
config.systemd.user.services = mkIf cfg.enable (mapAttrs'
(path: options: {
inherit (options) name; value = {
Unit.Description = "ssh-cert-dist service for ${path}";
Service = {
Environment = "RUST_LOG=debug";
ExecStart = toString (pkgs.writeShellApplication {
name = "ssh-cert-dist-${options.name}";
runtimeInputs = [ cfg.package ];
text = ''
${optionalString options.fetch ''
ssh-cert-dist client fetch --cert-dir '${path}' --api-endpoint '${cfg.endpoint}'
''}
${optionalString options.upload ''
ssh-cert-dist client upload --api-endpoint '${cfg.endpoint}' ${path}/*
''}
'';
});
};
};
})
cfg.directories);
options.programs.ssh-cert-dist = {
enable = mkEnableOption "ssh-cert-dist";
package = mkOption {
type = types.package;
default = pkgs.ssh-cert-dist;
};
endpoint = mkOption {
type = types.str;
description = "API endpoint url";
};
};
config.home = let cfg = config.programs.ssh-cert-dist; in mkIf cfg.enable {
packages = [ cfg.package ];
sessionVariables.SSH_CD_API = cfg.endpoint;
};
}
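Review bot: The upload line in the generated script passes `${path}/*` unquoted, so a directory name containing whitespace or shell metacharacters is re-parsed by the shell, and every file in that directory is handed to the uploader; if a directory such as `~/.ssh` is configured that includes private keys, and whether the client skips non-certificates is not visible here. The hand-written single quotes around `${path}` and `${cfg.endpoint}` on the fetch line also break on a value that itself contains `'`. Prefer `escapeShellArg` for both values and a narrower glob, e.g. `ssh-cert-dist client upload --api-endpoint ${escapeShellArg cfg.endpoint} ${escapeShellArg path}/*-cert.pub`. Separately, `toString (pkgs.writeShellApplication { … })` evaluates to the store directory rather than the executable inside it, so `ExecStart` needs `/bin/ssh-cert-dist-${options.name}` appended (or `lib.getExe`) for the unit to start.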


@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: with lib; let { config, pkgs, lib, ... }: with lib; let
cfg = config.services.ssh-cert-dist; cfg = config.services.ssh-cert-dist;
ca = if isStorePath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca; ca = if isPath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca;
in in
{ {
options.services.ssh-cert-dist = { options.services.ssh-cert-dist = {
@ -44,14 +44,21 @@ in
}; };
systemd.services.ssh-cert-dist = { systemd.services.ssh-cert-dist = {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
environment.RUST_LOG = "debug"; environment = {
SSH_CD_SOCKET_ADDRESS = "${cfg.host}:${toString cfg.port}";
SSH_CD_CERT_DIR = cfg.dataDir;
SSH_CD_VALIDATE_EXPIRY = true;
SSH_CD_VALIDATE_SERIAL = false;
SSH_CD_CA = ca;
RUST_LOG = "debug";
};
serviceConfig = { serviceConfig = {
ExecStartPre = "+${pkgs.writeShellScript "pre-start" '' ExecStartPre = "+${pkgs.writeShellScript "pre-start" ''
mkdir -p ${cfg.dataDir} mkdir -p ${cfg.dataDir}
chown ${cfg.user}:${cfg.group} ${cfg.dataDir} chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
''}"; ''}";
User = cfg.user; User = cfg.user;
ExecStart = "${cfg.package}/bin/ssh-cert-dist server --address ${cfg.host}:${toString cfg.port} -c ${cfg.dataDir} --ca ${ca}"; ExecStart = "${cfg.package}/bin/ssh-cert-dist server";
}; };
}; };
}; };
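Review bot: `SSH_CD_VALIDATE_EXPIRY = true;` and `SSH_CD_VALIDATE_SERIAL = false;` in the new `environment` set are Nix booleans, which the NixOS `systemd.services.<name>.environment` option does not accept (it takes strings, paths or packages), so they should be strings such as `SSH_CD_VALIDATE_EXPIRY = "true";`; the exact spelling the server parses is not visible here. Serial validation is also switched off unconditionally, and if that check is what stops a certificate being replaced by an older one, it deserves a module option with a documented default rather than a hard-coded `false`. `RUST_LOG = "debug"` is likewise fixed for a network-facing service and could default to a quieter level. In the first hunk of this file, `isPath` is true only for Nix path values, so a CA passed as a string path would now go through `pkgs.writeText` and end up as the literal text of the CA file.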