path: root/infra/libkookie/nixpkgs/nixos/tests/common/acme/server/snakeoil-certs.nix
# Test fixture: uses minica to generate a throwaway CA key/cert plus a
# key/cert pair for the fake CA server's Web Front End (WFE).
#
# Arguments:
#   minica       - tool run in buildPhase to create the CA and leaf material
#   mkDerivation - builder used to run the generation step as a derivation
#
# Result: an attribute set holding `domain`, `ca.{cert,key}` and
# `"<domain>".{cert,key}`; every cert/key value is a path string that points
# into the derivation's output.
#
# NOTE(review): both private keys are installed into the derivation output.
# The Nix store is world-readable and normalises file modes on outputs, so
# the chmod calls in buildPhase presumably do not restrict who can read the
# installed keys. Treat everything produced here as snakeoil, test-only
# credentials and never reuse this pattern for keys that must stay secret.
{ minica, mkDerivation }:
let
  domain = "acme.test";

  certStore = mkDerivation {
    name = "test-certs";
    buildInputs = [ minica ];
    # Only the two phases defined below are run.
    phases = [ "buildPhase" "installPhase" ];

    # Generate the CA pair under ./ca; the chmod and mv steps rely on the
    # leaf pair landing in a directory named after the domain.
    buildPhase = ''
      mkdir ca
      minica \
        --ca-key ca/key.pem \
        --ca-cert ca/cert.pem \
        --domains ${domain}
      chmod 600 ca/*
      chmod 640 ${domain}/*.pem
    '';

    # Move both directories (CA and leaf) into the output unchanged.
    installPhase = ''
      mkdir -p $out
      mv ${domain} ca $out/
    '';
  };

  # Path strings for the cert/key pair stored under `dir` in the output.
  pemPair = dir: {
    cert = "${certStore}/${dir}/cert.pem";
    key = "${certStore}/${dir}/key.pem";
  };
in {
  inherit domain;
  ca = pemPair "ca";
  "${domain}" = pemPair domain;
}