platform/lib/initca.nix

# Builds a derivation named "ca" that holds the PEM files of a freshly
# generated cluster CA, created with cfssl from the CSR spec defined below.
#
# NOTE(review): nixpkgs is taken from the <nixpkgs> search path, so the cfssl
# version used here is whatever that path resolves to; it is not pinned in
# this file.
with import <nixpkgs> {};
let
initca' =
let
# CSR spec passed to `cfssl genkey -initca`, serialised to a JSON file in the
# store.
ca_csr = pkgs.writeText "kube-pki-cacert-csr.json" (builtins.toJSON {
key = {
# CA key parameters: RSA, 2048 bits.
# NOTE(review): no expiry is set in this spec, so cfssl's default CA validity
# applies; confirm that both key size and lifetime match the cluster's policy.
algo = "rsa";
size = 2048;
};
# Subject fields of the CA certificate.
names = [
{
CN = "kubernetes-cluster-ca";
O = "NixOS";
OU = "services.kubernetes.pki.caSpec";
L = "generated";
}
];
});
in
# Generates the CA key pair during the build and copies every *.pem file
# into $out.
#
# SECURITY: `cfssljson -bare ca` writes the private key (ca-key.pem) next to
# the certificate (ca.pem), and `cp *.pem` copies both. The CA private key
# therefore ends up in the Nix store, which is world-readable by default and
# travels with the closure when store paths are copied or pushed to a binary
# cache. Anyone able to read that path can issue certificates the cluster
# trusts. Prefer generating the key outside the store (for example into a
# root-only directory at activation time) and keeping only ca.pem in a
# derivation.
#
# NOTE(review): key generation is random, so this build is not reproducible;
# a rebuild (e.g. after garbage collection) produces a different CA key.
pkgs.runCommand "initca" {
buildInputs = [ pkgs.cfssl ];
} '' cfssl genkey -initca ${ca_csr} | cfssljson -bare ca; \
mkdir -p $out; cp *.pem $out'';
in
# make ca derivation sha depend on initca cfssl output
# NOTE(review): for an ordinary (input-addressed) derivation the output path
# is computed from its inputs, i.e. from the initca' derivation, not from the
# generated key bytes; confirm this wrapper achieves the stated intent.
# The wrapper copies everything from initca', so the private key noted above
# is duplicated into this output as well.
pkgs.stdenv.mkDerivation {
name = "ca";
src = initca';
buildCommand = ''
mkdir -p $out;
cp -r $src/* $out
'';
}