add after option to cert client

This commit is contained in:
James Andariese 2022-10-19 16:53:20 -05:00
parent 264dde6b1f
commit d915ad840d

View File

@ -16,7 +16,7 @@ let cfg = config.security.cascade-certs;
};
};
confToService = n: {enabled, readers, minSecondsRemaining, readerGroups, vaultPkiRole, vaultPkiPath, issueOptions, ...}@opts: mkIf enabled {
confToService = n: {enabled, after, readers, minSecondsRemaining, readerGroups, vaultPkiRole, vaultPkiPath, issueOptions, ...}@opts: mkIf enabled {
serviceConfig = {
Type = "oneshot";
};
@ -25,7 +25,6 @@ let cfg = config.security.cascade-certs;
certFolder = "${cfg.destination}/${n}";
caFolder = "${cfg.destination}/@trust";
in ''
set -x
PATH="${pkgs.curl}/bin:${pkgs.coreutils}/bin:${pkgs.jq}/bin:${pkgs.openssl}/bin:${pkgs.acl}/bin:$PATH"
if [ -r ${shq certFolder}/cert.pem ] \
@ -109,6 +108,8 @@ let cfg = config.security.cascade-certs;
fi
rm -rf "$f"
done
${after}
'';
};
@ -258,6 +259,13 @@ options = with types; {
default = null;
};
after = mkOption {
type = lines;
description = ''
A script which will be run after a new certificate is written.
'';
default = "";
};
names = mkOption {
type = listOf str;
description = ''