add module for certifix-client

2024-10-06 11:27:39 +01:00
parent 1a915e91ff
commit 493c5f69d7
2 changed files with 61 additions and 0 deletions
--- a/modules/tls-certificate/certifix-client.nix
+++ b/modules/tls-certificate/certifix-client.nix
@@ -0,0 +1,21 @@
+{ liminix, certifix-client, svc, lib, writeText, serviceFns }:
+{
+  caCertificate,
+  secret,
+  subject,
+  serviceUrl
+}:
+let
+  inherit (builtins) filter isString split;
+  inherit (liminix.services) oneshot;
+  name = "certifix-${lib.strings.sanitizeDerivationName subject}";
+  caCertFile = writeText "ca.crt" caCertificate;
+  secretFile = writeText "secret" secret;
+in oneshot {
+  inherit name;
+  up = ''
+    (in_outputs ${name}
+     SSL_CA_CERT_FILE=${caCertFile} ${certifix-client}/bin/certifix-client --subject ${subject} --secret ${secretFile} --key-out key --certificate-out cert ${serviceUrl}
+    )
+  '';
+}