diff options
author | lassulus <lassulus@lassul.us> | 2021-12-09 11:21:06 +0100 |
---|---|---|
committer | lassulus <lassulus@lassul.us> | 2021-12-09 11:31:10 +0100 |
commit | e5fc654f50e2b99bcae186962b29c8754f382f3b (patch) | |
tree | 9f1237624cc1a6c4ca45a651a4c875c4784d51d7 /krebs/5pkgs | |
parent | b981c43a97bf254ea15c324d8f82aab368cdf3d0 (diff) |
add ACME ca via ca.r
Diffstat (limited to 'krebs/5pkgs')
-rw-r--r-- | krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix b/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix new file mode 100644 index 000000000..8cec54327 --- /dev/null +++ b/krebs/5pkgs/simple/generate-krebs-intermediate-ca/default.nix @@ -0,0 +1,29 @@ +{ pkgs }: +pkgs.writers.writeDashBin "generate-intermediate-ca" '' + TMPDIR=$(mktemp -d) + trap "rm -rf $TMPDIR;" INT TERM EXIT + mkdir -p "$TMPDIR/krebs" + brain show ca/ca.key > "$TMPDIR/krebs/ca.key" + brain show ca/ca.crt > "$TMPDIR/krebs/ca.crt" + export STEPPATH="$TMPDIR/step" + cat << EOF > "$TMPDIR/intermediate.tpl" + { + "subject": {{ toJson .Subject }}, + "keyUsage": ["certSign", "crlSign"], + "basicConstraints": { + "isCA": true, + "maxPathLen": 0 + }, + "nameConstraints": { + "critical": true, + "permittedDNSDomains": ["r" ,"w"] + } + } + EOF + + ${pkgs.step-cli}/bin/step certificate create "Krebs ACME CA" intermediate_ca.crt intermediate_ca.key \ + --template "$TMPDIR/intermediate.tpl" \ + --ca "$TMPDIR/krebs/ca.crt" \ + --ca-key "$TMPDIR/krebs/ca.key" \ + --no-password --insecure +'' |