Merge pull request #45567 from johanot/certmgr-rootca-patch
certmgr: Add patch for optional trust of self-signed certificates at remote cfssl apiserver
commit
72f324dbc7
3 changed files with 48 additions and 20 deletions
|
@ -30,13 +30,20 @@ let
|
|||
|
||||
preStart = ''
|
||||
${concatStringsSep " \\\n" (["mkdir -p"] ++ map escapeShellArg specPaths)}
|
||||
${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml} check
|
||||
${cfg.package}/bin/certmgr -f ${certmgrYaml} check
|
||||
'';
|
||||
in
|
||||
{
|
||||
options.services.certmgr = {
|
||||
enable = mkEnableOption "certmgr";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = pkgs.certmgr;
|
||||
defaultText = "pkgs.certmgr";
|
||||
description = "Which certmgr package to use in the service.";
|
||||
};
|
||||
|
||||
defaultRemote = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1:8888";
|
||||
|
@ -187,7 +194,7 @@ in
|
|||
serviceConfig = {
|
||||
Restart = "always";
|
||||
RestartSec = "10s";
|
||||
ExecStart = "${pkgs.certmgr}/bin/certmgr -f ${certmgrYaml}";
|
||||
ExecStart = "${cfg.package}/bin/certmgr -f ${certmgrYaml}";
|
||||
};
|
||||
};
|
||||
};
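Review bot: The new `package` option's description does not mention the variant this change exists for, so a reader of the option docs cannot tell that picking a different package may change how the remote cfssl server's certificate is validated. I would extend it along the lines of `description = "Which certmgr package to use in the service. pkgs.certmgr-selfsigned additionally allows trusting a self-signed certificate on the remote cfssl apiserver.";`. That wording is taken from the commit title, since the patch content is not visible on this page and should be checked before it is documented. The module body continues outside both hunks, so other uses of `pkgs.certmgr` beyond `preStart` and `ExecStart` cannot be ruled out from here.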
|
||||
|
|
|
@ -1,23 +1,43 @@
|
|||
{ stdenv, buildGoPackage, fetchFromGitHub }:
|
||||
{ stdenv, buildGoPackage, fetchFromGitHub, fetchpatch }:
|
||||
|
||||
buildGoPackage rec {
|
||||
version = "1.6.1";
|
||||
name = "certmgr-${version}";
|
||||
let
|
||||
generic = { patches ? [] }:
|
||||
buildGoPackage rec {
|
||||
version = "1.6.1";
|
||||
name = "certmgr-${version}";
|
||||
|
||||
goPackagePath = "github.com/cloudflare/certmgr/";
|
||||
goPackagePath = "github.com/cloudflare/certmgr/";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "cloudflare";
|
||||
repo = "certmgr";
|
||||
rev = "v${version}";
|
||||
sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
|
||||
};
|
||||
src = fetchFromGitHub {
|
||||
owner = "cloudflare";
|
||||
repo = "certmgr";
|
||||
rev = "v${version}";
|
||||
sha256 = "1ky2pw1wxrb2fxfygg50h0mid5l023x6xz9zj5754a023d01qqr2";
|
||||
};
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://cfssl.org/;
|
||||
description = "Cloudflare's certificate manager";
|
||||
platforms = platforms.linux;
|
||||
license = licenses.bsd2;
|
||||
maintainers = with maintainers; [ johanot srhb ];
|
||||
inherit patches;
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
homepage = https://cfssl.org/;
|
||||
description = "Cloudflare's certificate manager";
|
||||
platforms = platforms.linux;
|
||||
license = licenses.bsd2;
|
||||
maintainers = with maintainers; [ johanot srhb ];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
certmgr = generic {};
|
||||
|
||||
certmgr-selfsigned = generic {
|
||||
# The following patch makes it possible to use a self-signed x509 cert
|
||||
# for the cfssl apiserver.
|
||||
# TODO: remove patch when PR is merged.
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
url = "https://github.com/cloudflare/certmgr/pull/51.patch";
|
||||
sha256 = "0jhsw159d2mgybvbbn6pmvj4yqr5cwcal5fjwkcn9m4f4zlb6qrs";
|
||||
})
|
||||
];
|
||||
};
|
||||
}
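Review bot: The `fetchpatch` URL in `certmgr-selfsigned` points at `pull/51.patch`, which the forge regenerates whenever the pull request's branch changes, so the patch that relaxes TLS trust towards the cfssl remote is not tied to one reviewed revision. The `sha256` stops a changed patch from being built silently, but the fetch then fails and whoever bumps the hash has to re-review the new content. Pinning to the commit form avoids that, e.g. `url = "https://github.com/cloudflare/certmgr/commit/<COMMIT_SHA>.patch";`, where `<COMMIT_SHA>` is a placeholder because the commit id is not on this page. Both attributes also keep `name = "certmgr-${version}"`, so the patched and unpatched builds cannot be told apart by store-path name when auditing a host. Giving the patched variant a distinct name would fix that.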
|
||||
|
|
|
@ -1821,7 +1821,8 @@ in
|
|||
};
|
||||
ceph-dev = ceph;
|
||||
|
||||
certmgr = callPackage ../tools/security/certmgr { };
|
||||
inherit (callPackages ../tools/security/certmgr { })
|
||||
certmgr certmgr-selfsigned;
|
||||
|
||||
cfdg = callPackage ../tools/graphics/cfdg { };
|
||||
|
||||
|
|