add after option to cert client

This commit is contained in:
James Andariese 2022-10-19 16:53:20 -05:00
parent 264dde6b1f
commit d915ad840d


@ -16,7 +16,7 @@ let cfg = config.security.cascade-certs;
};
};
confToService = n: {enabled, readers, minSecondsRemaining, readerGroups, vaultPkiRole, vaultPkiPath, issueOptions, ...}@opts: mkIf enabled {
confToService = n: {enabled, after, readers, minSecondsRemaining, readerGroups, vaultPkiRole, vaultPkiPath, issueOptions, ...}@opts: mkIf enabled {
serviceConfig = {
Type = "oneshot";
};
@ -25,9 +25,8 @@ let cfg = config.security.cascade-certs;
certFolder = "${cfg.destination}/${n}";
caFolder = "${cfg.destination}/@trust";
in ''
set -x
PATH="${pkgs.curl}/bin:${pkgs.coreutils}/bin:${pkgs.jq}/bin:${pkgs.openssl}/bin:${pkgs.acl}/bin:$PATH"
if [ -r ${shq certFolder}/cert.pem ] \
&& [ -h ${shq certFolder}/current ] \
&& openssl x509 -checkend ${shq minSecondsRemaining} -in ${shq certFolder}/cert.pem ;then
@ -109,6 +108,8 @@ let cfg = config.security.cascade-certs;
fi
rm -rf "$f"
done
${after}
'';
};
@ -258,6 +259,13 @@ options = with types; {
default = null;
};
after = mkOption {
type = lines;
description = ''
A script which will be run after a new certificate is written.
'';
default = "";
};
names = mkOption {
type = listOf str;
description = ''
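Review bot: `${after}` is spliced verbatim as the final line of the service's shell script, so the hook runs with the service's own privileges and the exit status of its last command becomes the oneshot's result, while any earlier failure inside the hook is silently ignored unless the script enables `set -e` (not visible in the hunk). The old side of the second hunk shows `set -x` in the same script; if that is still in effect, every command of the hook, including any secret it passes on the command line, is traced into the journal. Whether the hook is skipped on the early path where the existing certificate still passes `-checkend` cannot be seen here, so the description's "after a new certificate is written" should be confirmed against that branch. I would extend the option description to state the contract: `Shell lines appended to the renewal service's script; they run with the service's privileges, the exit status of the last command is the service's exit status, and failures of earlier commands are not detected.` The enclosing confToService function starts and ends outside the hunk.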