re-generate ssh certificates when machine name or domains changes

Jörg Thalheim
2024-12-25 14:26:22 +01:00
committed by Mic92
parent 862aef73eb
commit a04e251f96


@@ -7,10 +7,12 @@
let let
stringSet = list: builtins.attrNames (builtins.groupBy lib.id list); stringSet = list: builtins.attrNames (builtins.groupBy lib.id list);
domains = stringSet config.clan.sshd.certificate.searchDomains;
signArgs = builtins.concatStringsSep " " ( signArgs = builtins.concatStringsSep " " (
builtins.map (domain: "-n ${lib.escapeShellArg "${config.clan.core.machineName}.${domain}"}") ( builtins.map (
stringSet config.clan.sshd.certificate.searchDomains domain: "-n ${lib.escapeShellArg "${config.clan.core.machineName}.${domain}"}"
) ) domains
); );
cfg = config.clan.sshd; cfg = config.clan.sshd;
in in
@@ -51,6 +53,10 @@ in
"openssh" "openssh"
"openssh-ca" "openssh-ca"
]; ];
validation = {
name = config.clan.core.machineName;
domains = lib.genAttrs config.clan.sshd.certificate.searchDomains lib.id;
};
runtimeInputs = [ runtimeInputs = [
pkgs.openssh pkgs.openssh
pkgs.jq pkgs.jq
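Review bot: In the second hunk, `validation.domains` is built from the raw `config.clan.sshd.certificate.searchDomains`, although the first hunk adds the de-duplicated `domains` binding that `signArgs` now uses; writing `domains = lib.genAttrs domains lib.id;` would derive the regeneration trigger and the signed principals from the same value. A comment above the block, such as `# a change to machineName or searchDomains forces the host certificate to be re-signed`, would explain why these two values are listed. Separately, if this generator can run with an empty `searchDomains`, `signArgs` is the empty string, and ssh-keygen places no principal restriction on a certificate signed without `-n`. The signing call is outside the hunk, so it is worth confirming that an assertion or `mkIf` guard rules out the empty list.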