WIP: clean pki.nix

lib/pki.nix

@@ -21,25 +21,7 @@ let
   }
   '';
 
-  gencsr = args: pkgs.writeText "${args.name}-csr.json" ''
+  csr = o: {
-    {
-      "CN": "${args.cn}",
-      "hosts": [ ${args.hosts} ],
-      "key": {
-          "algo": "rsa",
-          "size": 2048
-      },
-      "names": [
-          {
-            "O": "${args.o}"
-          }
-      ]
-    }
-  '';
-
-  initca' =
-    let
-      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
     key = {
       algo = "rsa";
       size = 2048;
@@ -47,12 +29,24 @@ let
     names = [
       {
         CN = "kubernetes-cluster-ca";
-              O = "NixOS";
+        O = "${o}";
         OU = "services.kubernetes.pki.caSpec";
         L = "generated";
       }
     ];
-        });
+  };
+
+  gencsr = args: pkgs.writeText "${args.name}-csr.json" (builtins.toJSON {
+      CN = "${args.cn}";
+      hosts = [ "${args.hosts}" ];
+    } // csr args.o
+  );
+
+  initca' =
+    let
+      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (
+        builtins.toJSON (csr "NixOS")
+      );
     in
       pkgs.runCommand "initca" {
         buildInputs = [ pkgs.cfssl ];
@@ -104,17 +98,6 @@ let
         o = name;
       };
     };
-
-  # certToSet = cert:
-  #   {
-  #     key = "${cert}/cert-key.pem";
-  #     cert = "${cert}/cert.pem";
-  #   };
-
-  # builtins.foldl'
-  #   (a: x: a // { ${x} = (certificates.${x}); })
-  #   { inherit ca; }
-  #   (builtins.attrNames certificates)
 in
 {
     inherit ca;