WIP: clean pki.nix

2019-10-16 10:46:16 +02:00
parent 4b53e9c578
commit 92ebff4a73
1 changed files with 23 additions and 40 deletions
--- a/lib/pki.nix
+++ b/lib/pki.nix
@@ -21,25 +21,7 @@ let
  }
  '';

-  gencsr = args: pkgs.writeText "${args.name}-csr.json" ''
-    {
-      "CN": "${args.cn}",
-      "hosts": [ ${args.hosts} ],
-      "key": {
-          "algo": "rsa",
-          "size": 2048
-      },
-      "names": [
-          {
-            "O": "${args.o}"
-          }
-      ]
-    }
-  '';
-
-  initca' =
-    let
-      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
+  csr = o: {
    key = {
      algo = "rsa";
      size = 2048;
@@ -47,12 +29,24 @@ let
    names = [
      {
        CN = "kubernetes-cluster-ca";
-              O = "NixOS";
+        O = "${o}";
        OU = "services.kubernetes.pki.caSpec";
        L = "generated";
      }
    ];
-        });
+  };
+
+  gencsr = args: pkgs.writeText "${args.name}-csr.json" (builtins.toJSON {
+      CN = "${args.cn}";
+      hosts = [ "${args.hosts}" ];
+    } // csr args.o
+  );
+
+  initca' =
+    let
+      ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (
+        builtins.toJSON (csr "NixOS")
+      );
    in
      pkgs.runCommand "initca" {
        buildInputs = [ pkgs.cfssl ];
@@ -104,17 +98,6 @@ let
        o = name;
      };
    };
-
-  # certToSet = cert:
-  #   {
-  #     key = "${cert}/cert-key.pem";
-  #     cert = "${cert}/cert.pem";
-  #   };
-
-  # builtins.foldl'
-  #   (a: x: a // { ${x} = (certificates.${x}); })
-  #   { inherit ca; }
-  #   (builtins.attrNames certificates)
 in
 {
    inherit ca;