nixos/taskserver: Add trust option to config file

The server starts up without that option anyway, but it complains about its value not being set. As we probably want to have access to that configuration value anyway, let's expose this via the NixOS module as well. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2016-04-05 16:09:12 +02:00 · 2016-04-05 16:09:12 +02:00 · 411c6f77a3
commit 411c6f77a3
parent 1f410934f2
1 changed files with 14 additions and 0 deletions
--- a/nixos/modules/services/misc/taskserver.nix
+++ b/nixos/modules/services/misc/taskserver.nix
@ -47,6 +47,7 @@ let
    ${mkConfLine "server.crl" cfg.server.crl}

    # certificates
+    ${mkConfLine "trust" cfg.server.trust}
    ${if needToCreateCA then ''
      ca.cert = ${cfg.dataDir}/keys/ca.cert
      server.cert = ${cfg.dataDir}/keys/server.cert
@ -233,6 +234,19 @@ in {
            a configuration file reload before the next request is handled.
          '';
        };
+
+        trust = mkOption {
+          type = types.enum [ "allow all" "strict" ];
+          default = "strict";
+          description = ''
+            Determines how client certificates are validated.
+
+            The value <literal>allow all</literal> performs no client
+            certificate validation. This is not recommended. The value
+            <literal>strict</literal> causes the client certificate to be
+            validated against a CA.
+          '';
+        };
      };
    };
  };