WIP: clean pki.nix

2019-10-16 10:46:16 +02:00
parent 4b53e9c578
commit 92ebff4a73
1 changed files with 23 additions and 40 deletions
--- a/lib/pki.nix
+++ b/lib/pki.nix
@@ -21,38 +21,32 @@ let
  }
  '';
-  gencsr = args: pkgs.writeText "${args.name}-csr.json" ''
+  csr = o: {
-    {
+    key = {
-      "CN": "${args.cn}",
+      algo = "rsa";
-      "hosts": [ ${args.hosts} ],
+      size = 2048;
-      "key": {
+    };
-          "algo": "rsa",
+    names = [
-          "size": 2048
+      {
-      },
+        CN = "kubernetes-cluster-ca";
-      "names": [
+        O = "${o}";
-          {
+        OU = "services.kubernetes.pki.caSpec";
-            "O": "${args.o}"
+        L = "generated";
-          }
+      }
-      ]
+    ];
-    }
+  };
-  '';
+
  gencsr = args: pkgs.writeText "${args.name}-csr.json" (builtins.toJSON {
      CN = "${args.cn}";
      hosts = [ "${args.hosts}" ];
    } // csr args.o
  );
  initca' =
    let
-      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
+      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (
-          key = {
+        builtins.toJSON (csr "NixOS")
-              algo = "rsa";
+      );
              size = 2048;
          };
          names = [
            {
              CN = "kubernetes-cluster-ca";
              O = "NixOS";
              OU = "services.kubernetes.pki.caSpec";
              L = "generated";
            }
          ];
        });
    in
      pkgs.runCommand "initca" {
        buildInputs = [ pkgs.cfssl ];
@@ -104,17 +98,6 @@ let
        o = name;
      };
    };
  # certToSet = cert:
  #   {
  #     key = "${cert}/cert-key.pem";
  #     cert = "${cert}/cert.pem";
  #   };
  # builtins.foldl'
  #   (a: x: a // { ${x} = (certificates.${x}); })
  #   { inherit ca; }
  #   (builtins.attrNames certificates)
 in
 {
    inherit ca;