Force ca derivation sha change when new ca is generated.

2018-05-24 14:50:59 +02:00
parent 490dd3edd3
commit 4ac3287a34
5 changed files with 52 additions and 40 deletions
--- a/fs0.nix
+++ b/fs0.nix
@@ -8,36 +8,36 @@ let
  '';

  nixosConfig = node: ip:
-  let
-    cert = pki.trust node ''"${node}", "${ip}", "127.0.0.1"'';
-  in
-  {
-    imports = [
-      (./nixos/hardware-configuration + "/${node}.nix")
-      ./nixos/configuration.nix
-    ];
-    boot.kernelModules = [
-      "dm_snapshot"
-      "dm_mirror"
-      "dm_thin_pool"
-    ];
-    networking = {
-      hostName = node;
-      extraHosts = clusterHosts;
-      firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
-      firewall.allowedTCPPorts = [ 111 ];
-      firewall.allowedUDPPorts = [ 111 24007 24008 ];
-    };
-    services.glusterfs = {
-      enable = true;
-      tlsSettings = {
-        caCert = pki.ca.cert;
-        tlsKeyPath = cert.key;
-        tlsPem = cert.cert;
+    let
+      cert = pki.trust node ''"${node}", "${ip}", "127.0.0.1"'';
+    in
+    {
+      imports = [
+        (./nixos/hardware-configuration + "/${node}.nix")
+        ./nixos/configuration.nix
+      ];
+      boot.kernelModules = [
+        "dm_snapshot"
+        "dm_mirror"
+        "dm_thin_pool"
+      ];
+      networking = {
+        hostName = node;
+        extraHosts = clusterHosts;
+        firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
+        firewall.allowedTCPPorts = [ 111 ];
+        firewall.allowedUDPPorts = [ 111 24007 24008 ];
      };
+      services.glusterfs = {
+        enable = true;
+        tlsSettings = {
+          caCert = pki.ca.cert;
+          tlsKeyPath = cert.key;
+          tlsPem = cert.cert;
+        };
+      };
+      environment.systemPackages = [ pkgs.lvm2 ];
    };
-    environment.systemPackages = [ pkgs.lvm2 ];
-  };
 in
 {
  fs0-0 = { ... }: