WIP: clean pki.nix

2019-10-16 10:46:16 +02:00
parent 4b53e9c578
commit 92ebff4a73
1 changed files with 23 additions and 40 deletions
--- a/lib/pki.nix
+++ b/lib/pki.nix
@@ -21,38 +21,32 @@ let
  }
  '';

-  gencsr = args: pkgs.writeText "${args.name}-csr.json" ''
-    {
-      "CN": "${args.cn}",
-      "hosts": [ ${args.hosts} ],
-      "key": {
-          "algo": "rsa",
-          "size": 2048
-      },
-      "names": [
-          {
-            "O": "${args.o}"
-          }
-      ]
-    }
-  '';
+  csr = o: {
+    key = {
+      algo = "rsa";
+      size = 2048;
+    };
+    names = [
+      {
+        CN = "kubernetes-cluster-ca";
+        O = "${o}";
+        OU = "services.kubernetes.pki.caSpec";
+        L = "generated";
+      }
+    ];
+  };
+
+  gencsr = args: pkgs.writeText "${args.name}-csr.json" (builtins.toJSON {
+      CN = "${args.cn}";
+      hosts = [ "${args.hosts}" ];
+    } // csr args.o
+  );

  initca' =
    let
-      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
-          key = {
-              algo = "rsa";
-              size = 2048;
-          };
-          names = [
-            {
-              CN = "kubernetes-cluster-ca";
-              O = "NixOS";
-              OU = "services.kubernetes.pki.caSpec";
-              L = "generated";
-            }
-          ];
-        });
+      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (
+        builtins.toJSON (csr "NixOS")
+      );
    in
      pkgs.runCommand "initca" {
        buildInputs = [ pkgs.cfssl ];
@@ -104,17 +98,6 @@ let
        o = name;
      };
    };
-
-  # certToSet = cert:
-  #   {
-  #     key = "${cert}/cert-key.pem";
-  #     cert = "${cert}/cert.pem";
-  #   };
-
-  # builtins.foldl'
-  #   (a: x: a // { ${x} = (certificates.${x}); })
-  #   { inherit ca; }
-  #   (builtins.attrNames certificates)
 in
 {
    inherit ca;