nixos/taskserver: Move .trust out of .pki
This is clearly a server configuration option and has nothing to do with certificate creation and signing, so let's move it away from the .pki namespace. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
parent
3affead91b
commit
6df374910f
@ -44,7 +44,7 @@ let
|
|||||||
${mkConfLine "server.crl" cfg.pki.crl}
|
${mkConfLine "server.crl" cfg.pki.crl}
|
||||||
|
|
||||||
# certificates
|
# certificates
|
||||||
${mkConfLine "trust" cfg.pki.trust}
|
${mkConfLine "trust" cfg.trust}
|
||||||
${if needToCreateCA then ''
|
${if needToCreateCA then ''
|
||||||
ca.cert = ${cfg.dataDir}/keys/ca.cert
|
ca.cert = ${cfg.dataDir}/keys/ca.cert
|
||||||
server.cert = ${cfg.dataDir}/keys/server.cert
|
server.cert = ${cfg.dataDir}/keys/server.cert
|
||||||
@ -261,6 +261,19 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
trust = mkOption {
|
||||||
|
type = types.enum [ "allow all" "strict" ];
|
||||||
|
default = "strict";
|
||||||
|
description = ''
|
||||||
|
Determines how client certificates are validated.
|
||||||
|
|
||||||
|
The value <literal>allow all</literal> performs no client
|
||||||
|
certificate validation. This is not recommended. The value
|
||||||
|
<literal>strict</literal> causes the client certificate to be
|
||||||
|
validated against a CA.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
pki = {
|
pki = {
|
||||||
cert = mkOption {
|
cert = mkOption {
|
||||||
type = types.nullOr types.path;
|
type = types.nullOr types.path;
|
||||||
@ -292,19 +305,6 @@ in {
|
|||||||
a configuration file reload before the next request is handled.
|
a configuration file reload before the next request is handled.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
trust = mkOption {
|
|
||||||
type = types.enum [ "allow all" "strict" ];
|
|
||||||
default = "strict";
|
|
||||||
description = ''
|
|
||||||
Determines how client certificates are validated.
|
|
||||||
|
|
||||||
The value <literal>allow all</literal> performs no client
|
|
||||||
certificate validation. This is not recommended. The value
|
|
||||||
<literal>strict</literal> causes the client certificate to be
|
|
||||||
validated against a CA.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
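Review bot: The relocated `trust` option in the `@ -261,6 +261,19 @@` hunk still documents `allow all` only as "not recommended", which does not tell an operator what they give up. Since that value performs no client certificate validation, the description should state the consequence, for example `With "allow all" the server accepts a client regardless of the certificate it presents; use it only for testing.` Separately, the old `pki.trust` name is dropped without an alias, so a configuration that still sets it will presumably fail at evaluation instead of being silently ignored. If the old name ever reached users, a `mkRenamedOptionModule` entry from the old option path to the new one would give them a clear migration message. The option set these hunks touch starts and ends outside the visible lines.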