added: hm module

modules/nixos.nix

@@ -1,6 +1,6 @@
 { config, pkgs, lib, ... }: with lib; let
   cfg = config.services.ssh-cert-dist;
-  ca = if isStorePath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca;
+  ca = if isPath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca;
 in
 {
   options.services.ssh-cert-dist = {
@@ -44,14 +44,21 @@ in
     };
     systemd.services.ssh-cert-dist = {
       wantedBy = [ "multi-user.target" ];
-      environment.RUST_LOG = "debug";
+      environment = {
+        SSH_CD_SOCKET_ADDRESS = "${cfg.host}:${toString cfg.port}";
+        SSH_CD_CERT_DIR = cfg.dataDir;
+        SSH_CD_VALIDATE_EXPIRY = true;
+        SSH_CD_VALIDATE_SERIAL = false;
+        SSH_CD_CA = ca;
+        RUST_LOG = "debug";
+      };
       serviceConfig = {
         ExecStartPre = "+${pkgs.writeShellScript "pre-start" ''
           mkdir -p ${cfg.dataDir}
           chown ${cfg.user}:${cfg.group} ${cfg.dataDir}
         ''}";
         User = cfg.user;
-        ExecStart = "${cfg.package}/bin/ssh-cert-dist server --address ${cfg.host}:${toString cfg.port} -c ${cfg.dataDir} --ca ${ca}";
+        ExecStart = "${cfg.package}/bin/ssh-cert-dist server";
       };
     };
   };