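# Builds a throwaway NixOS test VM from ./configuration.nix, with
# self-signed TLS material generated inside the VM on boot.
# Evaluates to the `vm` attribute of the NixOS entry point.
let
  configuration = { config, pkgs, ... }: {
    imports = [ ./configuration.nix ];

    # Empty passwords give password-less console logins for gebner and root.
    # That is acceptable only because this module is used for a local test VM;
    # it must never be imported by a deployed host's configuration.
    # (`users.extraUsers` was the older alias; both entries now use
    # `users.users`, which the file already relied on for root.)
    users.users.gebner.password = "";
    users.users.root.password = "";

    boot.enableContainers = true;

    # One-shot unit that wipes and regenerates a test CA plus server
    # certificates for the git and mail services under /etc/sslcerts.
    systemd.services.createSSLKeys = {
      path = [ pkgs.easyrsa ];
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = "yes";
      };
      script = ''
        # Start from a clean directory so stale keys never survive a rerun.
        rm -rf /etc/sslcerts
        mkdir -p /etc/sslcerts/keys
        cd /etc/sslcerts

        # export PKCS11TOOL="pkcs11-tool"
        export KEY_CONFIG=`${pkgs.easyrsa}/share/easy-rsa/whichopensslcnf ${pkgs.easyrsa}/share/easy-rsa/`
        export KEY_DIR="$PWD/keys"

        # PKCS11 fixes
        # export PKCS11_MODULE_PATH="dummy"
        # export PKCS11_PIN="dummy"

        # Raised from 1024: 1024-bit RSA/DH is below current minimums and may
        # be rejected by current TLS libraries, which would make the test VM
        # behave differently from the real hosts.
        export KEY_SIZE=2048
        export CA_EXPIRE=3650
        export KEY_EXPIRE=3650
        export KEY_COUNTRY="AT"
        export KEY_PROVINCE="AT"
        export KEY_CITY="Vienna"
        export KEY_ORG="Gabriel"
        export KEY_EMAIL="testing@gebner.org"
        export KEY_CN=testing.gebner.org
        export KEY_NAME=testing.gebner.org
        export KEY_OU=testing

        # export PKCS11_MODULE_PATH=changeme
        # export PKCS11_PIN=1234

        clean-all
        build-dh
        pkitool --initca
        KEY_CN=git.gebner.org pkitool --server git
        KEY_CN=imap.gebner.org pkitool --server mail

        # Install the test CA and server material under fixed file names
        # (presumably the names ./configuration.nix refers to; confirm there).
        cp keys/ca.crt startssl.cert
        cp keys/mail.crt mail.cert
        cp keys/mail.key mail.key
        # Separate copy of the mail key owned by the dovecot2 user.
        cp keys/mail.key mail-dovecot.key && chown dovecot2 mail-dovecot.key
        cp keys/git.crt git.cert
        cp keys/git.key mastus.key
      '';
    };

    # One-shot unit that prepares the git data directory and pulls in the key
    # generation before the services that depend on both are started.
    systemd.services.setupVM = rec {
      wantedBy = [ "gogs.service" "dovecot2.service" ];
      before = wantedBy;
      wants = [ "createSSLKeys.service" ];
      # `wants` alone only pulls the unit in; without an ordering dependency
      # gogs/dovecot2 could start before the certificates exist.
      after = wants;
      serviceConfig = {
        Type = "oneshot";
        RemainAfterExit = "yes";
      };
      script = ''
        mkdir -p /srv/git.gebner.org
        chown git:git -R /srv/git.gebner.org
      '';
    };
  };

  # The import path was missing here (`import { ... }` does not evaluate);
  # <nixpkgs/nixos> is the NixOS entry point that accepts `configuration`
  # and exposes the `vm` attribute used below.
  nixos = import <nixpkgs/nixos> { inherit configuration; };
in
nixos.vm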