Personal Nix setup

Add certificates and CA

+58 -2
+4
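--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,7 @@
 
 **/encrypt/*
 !**/encrypt/*.age
+
+**/certs/*
+!**/certs/*.age
+!**/certs/ca.crt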
+2 -2
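--- a/lib/apps/genCerts.nix
+++ b/lib/apps/genCerts.nix
@@ -43,14 +43,14 @@
 
 caCertificate = {
 name = "ca";
-output = "modules/base/encrypt/";
+output = "modules/base/certs/";
 settings.initca = true;
 };
 
 certificates = [
 {
 name = "mqtt";
-output = "modules/automation/encrypt/";
+output = "modules/automation/certs/";
 settings = {
 profile = "auth-only";
 config = caConf;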
modules/automation/certs/mqtt.crt.age

This is a binary file and will not be displayed.

modules/automation/certs/mqtt.key.age

This is a binary file and will not be displayed.

+19
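--- a/modules/base/certs.nix
+++ b/modules/base/certs.nix
@@ -0,0 +1,19 @@
+{ lib, config, ... }:
+
+with lib;
+let
+cfg = config.modules.gpg;
+in {
+options.modules.certs = {
+enable = mkOption {
+default = true;
+description = "CA Certificates";
+type = types.bool;
+};
+};
+
+config = mkIf cfg.enable {
+security.pki.certificateFiles = [ ./certs/ca.crt ];
+};
+}
+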
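Review bot: `cfg` on new line 5 is bound to `config.modules.gpg`, while the option this file declares is `modules.certs`, so `mkIf cfg.enable` gates the CA on the GPG module's switch and `modules.certs.enable` is never read; this looks like a copy-paste from gpg.nix and should read `cfg = config.modules.certs;`. As written, setting `modules.certs.enable = false` would not remove the CA from a host, and a host with gpg disabled would presumably not get it at all. Because `security.pki.certificateFiles` adds the certificate to the system-wide trust bundle and the option defaults to `true`, the description should say so, e.g. `description = "Trust the private CA system-wide (all TLS names)";`, since the committed ca.crt appears to carry no name or path-length constraints.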
+29
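--- a/modules/base/certs/ca.crt
+++ b/modules/base/certs/ca.crt
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIE6jCCAtKgAwIBAgIUXTqgvbXI0xhtkVXYUUFVvLD5Nv0wDQYJKoZIhvcNAQEN
+BQAwDTELMAkGA1UEAxMCY2EwHhcNMjQwOTIxMjIwNjAwWhcNMjkwOTIwMjIwNjAw
+WjANMQswCQYDVQQDEwJjYTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+ALzvrQg/WajwUho0LDjbPThVeSn/kMnrtHCMKrXnTZdz3Ok/KmRtTgNJ9QbbJsLR
+A6EhyVxK/W775jki3bLv/hi998s6H4yimgoP+x64l/KFrcxUPsDSM5GfGCfDZoFO
+fAxoLT5RWhuQdJ679x9GIIG0sIunWs8VPkXlipXMORb2tU8g9rEUR1uJwYVhW2by
+EX4znWcndJg5+yAVzFdzPjSyuiPPUES4MPXHHBgyP6qeH1C8gUmYV8l5u+On4lSW
+UE66Shk3mO5dbvit3+g+/7zGR584tM+cxqzeHz+S0yOKOhnL01OWtf2FHBIZSRmK
+j5AM9/Z4MqOom7qVHDol1kO8j/0ub1Xb1tXJ4eAKTeecrx3ouUawCoenrPJYV2f5
+6+tp0QQ20X7+IF4DojA2oqOx6QtDN5AweRnQuZFd+hYusStuspMVeeKzP+XUPYTA
+3ILlTJ26/2Fenc65uewgtbxVR30HNQ7S7jMrI+xzRXPZ9ZSXNbMne62UNPQL1dpK
+cmsRuNkpobnC10Tw/HVmFmhf07zi71IIj/IIL1YdSxFT8xI27WAwh0GNUBGYUkJe
+EbpeMlr3czl6Sx0AG/tsOsJDCu4mdp9Y1kyEIWtkMgi5jeboTWUPhYQ+zBTe2eyu
+yPBcEmp44W4OGazbbv0qg6/2h1emwaDDEBTZINvtCz15AgMBAAGjQjBAMA4GA1Ud
+DwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSz4KVhDRkOqW70
+pi6hoPPMAb7wwzANBgkqhkiG9w0BAQ0FAAOCAgEADdy4pZGIeQqNVChDNNMET7Tl
+DFgTp1q4DQT0Yk9qHtVpIhbxTBWCyfoweNZVx7LL4RzTzZQ73O4YJ7obHPAlMqEW
+bHL/ZctSgG0saVpwk6t0hlX0va/SOjZheplDQBavWTlBlWkE8PiySGcD+CPcP8iS
+qCNh6Eyt2DHODXjGPjaucQlQ3jovNqJjGQbMmFkVQjYwK5Liyj/qu3MxEYky95yt
+S/W8ipnzLE74Um/sJTE0XMKGTcSPrci5ren0EqrgEvuX8rFoJqmJSQloe8H8DycH
+6IptkHncIy8trAby4sZNNA8DHzfJRNe++DVxcbHbXCyd1Nh+yvODuFqZPAcNWY3Y
+aV56xaeu4C0l+ukDj1OpclovZC5r0JFhtcnde6JQo+/8WhVobpRdIYbVFbbV+TiF
+8zUTQobQdDWJriInEoAqmTD+r5gcZYjJJH29yCRzKnltMMCnybDiDSBLwAZPZ94r
+mCeINP2AXGCgJfcXKDvL0o5MVL5jW9xt4ARgn8QaDVqWQfPbWaSLHoQhm671gOHI
+Jk/yq5WsfFuoYWS+dM39vRqb9LWub91Q9HQA+IJ5PXyvpLOI5FJKV5Lp+HkRMA++
+T7wH8VFKIJHGjAm3j2JxrNUeVq+n5/dadHFvv/i1b/nzcWH48L8TxjFR4ab3JG9M
+ftCgJngtxuQKgwJa6HQ=
+-----END CERTIFICATE-----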
+1
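--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@@ -3,6 +3,7 @@
 {
 imports = [
 ./nix-config.nix
+./certs.nix
 ./shell.nix
 ./linux.nix
 ./gpg.nix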
+3
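--- a/secrets.nix
+++ b/secrets.nix
@@ -21,4 +21,7 @@
 "./home/base/encrypt/CA84692E3CC846C8EC7272468E962B63FC599E49.key.age".publicKeys = keys;
 
 "./home/development/encrypt/npmrc.age".publicKeys = keys;
+
+"./modules/automation/certs/mqtt.key.age".publicKeys = keys;
+"./modules/automation/certs/mqtt.crt.age".publicKeys = keys;
 }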
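Review bot: The two added entries cover only the MQTT leaf key and certificate; nothing here or in the .gitignore change accounts for the CA's private key, which genCerts.nix presumably now writes under `modules/base/certs/`. The new ignore rules keep that file out of git, so it likely stays as plaintext in the working tree, and it is the most sensitive material in this commit because certs.nix trusts this CA on every host. Either register an encrypted copy next to these lines following the same pattern (presumably `"./modules/base/certs/ca.key.age".publicKeys = keys;`), or add a comment stating that the CA key is deliberately kept offline and where.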