Make cert algo configurable (for linkerd ecdsa)

Jonas Juselius
2020-11-21 14:54:52 +01:00
parent 672130f635
commit 1dfd090f69
3 changed files with 14 additions and 6 deletions


@@ -1,12 +1,18 @@
{ pkgs ? import <nixpkgs> {}, ca ? null, name ? "ca", hosts ? [], ...}:
{
pkgs ? import <nixpkgs> {},
ca ? null,
name ? "ca",
algo ? "rsa",
hosts ? [],
...}:
with pkgs;
let
ca_csr = pkgs.writeText "${name}-csr.json" (builtins.toJSON {
inherit hosts;
CN = "${name}";
key = {
algo = "rsa";
size = 2048;
inherit algo;
size = if algo == "ecdsa" then 256 else 2048;
};
names = [
{
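Review bot: The new `size = if algo == "ecdsa" then 256 else 2048;` treats every value other than "ecdsa" as a 2048-bit key, so a misspelt or unsupported `algo` is written into the CSR JSON unchecked and is only caught, if at all, by whatever tool consumes the file. An `assert builtins.elem algo [ "rsa" "ecdsa" ];` placed before `with pkgs;` would reject it at evaluation time. The size also remains fixed per algorithm, so a CA that needs a key stronger than RSA-2048 or P-256 still cannot request one; an optional `size ? null` argument that falls back to these defaults would cover that. The same expression is repeated in the `csr` block of the third file in this commit and would be better kept in one shared place. The `let` block continues outside the hunk.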


@@ -3,12 +3,14 @@ let
identity = import ./initca.nix {
inherit pkgs;
name = "linkerd-identity-ca";
algo = "ecdsa";
hosts = [ "identity.linkerd.cluster.local" ];
};
webhook = import ./initca.nix {
inherit pkgs;
name = "linkerd-webhook-ca";
algo = "ecdsa";
hosts = [ "webhook.linkerd.cluster.local" ];
};
in {


@@ -1,4 +1,4 @@
{ pkgs, ca ? "" }:
{ pkgs, ca ? "", algo ? "rsa" }:
let
initca = import ./initca.nix { inherit pkgs ca; };
@@ -33,8 +33,8 @@ let
csr = {
CN = "${args.cn}";
key = {
algo = "rsa";
size = 2048;
inherit algo;
size = if algo == "ecdsa" then 256 else 2048;
};
names = [
{
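Review bot: The new `algo` argument is not forwarded to the CA import, because `initca = import ./initca.nix { inherit pkgs ca; };` is left unchanged in the first hunk. Assuming initca.nix is the first file of this commit with its `algo ? "rsa"` default, a caller who sets `algo = "ecdsa"` here gets ECDSA keys in the `csr` block but an RSA key for any CA that import generates. If that mix is intended it deserves a comment next to the import; otherwise the line should read `initca = import ./initca.nix { inherit pkgs ca algo; };`. The `let` block starts and ends outside both hunks, so how `initca` is used further down is not visible here.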