cascade/CASCADE
5
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add after option to cert client

Browse Source
This commit is contained in:
James Andariese 2022-10-19 16:53:20 -05:00
parent 264dde6b1f
commit d915ad840d
1 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
common/cascade-cert-client.nix
View File

@ -16,7 +16,7 @@ let cfg = config.security.cascade-certs;
}; };
}; };
confToService = n: {enabled, readers, minSecondsRemaining, readerGroups, vaultPkiRole, vaultPkiPath, issueOptions, ...}@opts: mkIf enabled { confToService = n: {enabled, after, readers, minSecondsRemaining, readerGroups, vaultPkiRole, vaultPkiPath, issueOptions, ...}@opts: mkIf enabled {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
}; };
@ -25,7 +25,6 @@ let cfg = config.security.cascade-certs;
certFolder = "${cfg.destination}/${n}"; certFolder = "${cfg.destination}/${n}";
caFolder = "${cfg.destination}/@trust"; caFolder = "${cfg.destination}/@trust";
in '' in ''
set -x
PATH="${pkgs.curl}/bin:${pkgs.coreutils}/bin:${pkgs.jq}/bin:${pkgs.openssl}/bin:${pkgs.acl}/bin:$PATH" PATH="${pkgs.curl}/bin:${pkgs.coreutils}/bin:${pkgs.jq}/bin:${pkgs.openssl}/bin:${pkgs.acl}/bin:$PATH"
if [ -r ${shq certFolder}/cert.pem ] \ if [ -r ${shq certFolder}/cert.pem ] \
@ -109,6 +108,8 @@ let cfg = config.security.cascade-certs;
fi fi
rm -rf "$f" rm -rf "$f"
done done
${after}
''; '';
}; };
@ -258,6 +259,13 @@ options = with types; {
default = null; default = null;
}; };
after = mkOption {
type = lines;
description = ''
A script which will be run after a new certificate is written.
'';
default = "";
};
names = mkOption { names = mkOption {
type = listOf str; type = listOf str;
description = '' description = ''