Make cert algo configurable (for linkerd ecdsa)

2020-11-21 14:54:52 +01:00
parent 672130f635
commit 1dfd090f69
3 changed files with 14 additions and 6 deletions
--- a/modules/pki.nix
+++ b/modules/pki.nix
@@ -1,4 +1,4 @@
-{ pkgs, ca ? "" }:
+{ pkgs, ca ? "", algo ? "rsa" }:
 let
  initca = import ./initca.nix { inherit pkgs ca; };

@@ -33,8 +33,8 @@ let
      csr = {
        CN = "${args.cn}";
        key = {
-          algo = "rsa";
-          size = 2048;
+          inherit algo;
+          size = if algo == "ecdsa" then 256 else 2048;
        };
        names = [
          {