2025-02-10 21:55:08 +00:00
|
|
|
{
|
|
|
|
|
liminix,
|
|
|
|
|
certifix-client,
|
|
|
|
|
svc,
|
|
|
|
|
lib,
|
|
|
|
|
writeText,
|
|
|
|
|
serviceFns,
|
|
|
|
|
}:
|
2024-10-06 10:27:39 +00:00
|
|
|
{
|
|
|
|
|
caCertificate,
|
|
|
|
|
secret,
|
|
|
|
|
subject,
|
2025-02-10 21:55:08 +00:00
|
|
|
serviceUrl,
|
2024-10-06 10:27:39 +00:00
|
|
|
}:
|
|
|
|
|
let
|
|
|
|
|
inherit (builtins) filter isString split;
|
|
|
|
|
inherit (liminix.services) oneshot;
|
|
|
|
|
name = "certifix-${lib.strings.sanitizeDerivationName subject}";
|
|
|
|
|
caCertFile = writeText "ca.crt" caCertificate;
|
|
|
|
|
secretFile = writeText "secret" secret;
|
2025-02-10 21:55:08 +00:00
|
|
|
in
|
|
|
|
|
oneshot {
|
2024-10-06 10:27:39 +00:00
|
|
|
inherit name;
|
|
|
|
|
up = ''
|
|
|
|
|
(in_outputs ${name}
|
|
|
|
|
SSL_CA_CERT_FILE=${caCertFile} ${certifix-client}/bin/certifix-client --subject ${subject} --secret ${secretFile} --key-out key --certificate-out cert ${serviceUrl}
|
|
|
|
|
)
|
|
|
|
|
'';
|
|
|
|
|
}
|
