mastus/vmtest: update to new easyrsa version

2016-04-24 16:44:51 +02:00 · 2016-04-24 16:44:51 +02:00 · 91bd193c60
commit 91bd193c60
parent e7bb728c00
1 changed files with 8 additions and 34 deletions
--- a/mastus/vmtest.nix
+++ b/mastus/vmtest.nix
@ -16,48 +16,22 @@ let
      };
      script = ''
 rm -rf /etc/sslcerts
-mkdir -p /etc/sslcerts/keys
+mkdir -p /etc/sslcerts
 cd /etc/sslcerts

-# export PKCS11TOOL="pkcs11-tool"
-export KEY_CONFIG=`${pkgs.easyrsa}/share/easy-rsa/whichopensslcnf ${pkgs.easyrsa}/share/easy-rsa/`
-export KEY_DIR="$PWD/keys"
+easyrsa-init
+easyrsa init-pki
+easyrsa --batch --req-cn=testing.gebner.org build-ca nopass
+easyrsa --req-cn=gebner.org build-server-full gebner_org nopass

-# PKCS11 fixes
-# export PKCS11_MODULE_PATH="dummy"
-# export PKCS11_PIN="dummy"
-
-export KEY_SIZE=1024
-
-export CA_EXPIRE=3650
-export KEY_EXPIRE=3650
-
-export KEY_COUNTRY="AT"
-export KEY_PROVINCE="AT"
-export KEY_CITY="Vienna"
-export KEY_ORG="Gabriel"
-export KEY_EMAIL="testing@gebner.org"
-export KEY_CN=testing.gebner.org
-export KEY_NAME=testing.gebner.org
-export KEY_OU=testing
-# export PKCS11_MODULE_PATH=changeme
-# export PKCS11_PIN=1234
-
-clean-all
-build-dh
-pkitool --initca
-
-KEY_CN=gebner.org pkitool --server gebner_org
-
-cat keys/gebner_org.crt keys/ca.crt >fullchain.pem
-cp keys/gebner_org.key key.pem
+cat pki/issued/gebner_org.crt pki/ca.crt >fullchain.pem
+cp pki/private/gebner_org.key key.pem
 cp key.pem key-dovecot.pem && chown dovecot2 key-dovecot.pem
-
      '';
    };

    systemd.services.setupVM = rec {
-      wantedBy = [ "gogs.service" "dovecot2.service" ];
+      wantedBy = [ "gogs.service" "dovecot2.service" "nginx.service" ];
      before = wantedBy;
      wants = [ "createSSLKeys.service" ];
      serviceConfig = {