Make cert algo configurable (for linkerd ecdsa)

2020-11-21 14:54:52 +01:00
parent 672130f635
commit 1dfd090f69
3 changed files with 14 additions and 6 deletions
--- a/modules/initca.nix
+++ b/modules/initca.nix
@@ -1,12 +1,18 @@
-{ pkgs ? import <nixpkgs> {}, ca ? null, name ? "ca", hosts ? [], ...}:
+{
+  pkgs ? import <nixpkgs> {},
+  ca ? null,
+  name ? "ca",
+  algo ? "rsa",
+  hosts ? [],
+  ...}:
 with pkgs;
 let
  ca_csr = pkgs.writeText "${name}-csr.json" (builtins.toJSON {
      inherit hosts;
      CN = "${name}";
      key = {
-          algo = "rsa";
-          size = 2048;
+        inherit algo;
+        size = if algo == "ecdsa" then 256 else 2048;
      };
      names = [
        {