gebner
/
nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
nixos-config/mastus/vmtest.nix

81 lines
1.8 KiB
Nix
Raw Blame History

let
configuration = { config, pkgs, ... }: {
imports = [ ./configuration.nix ];
users.extraUsers.gebner.password = "";
users.users.root.password = "";
boot.enableContainers = true;
systemd.services.createSSLKeys = {
path = [ pkgs.easyrsa ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
rm -rf /etc/sslcerts
mkdir -p /etc/sslcerts/keys
cd /etc/sslcerts
# export PKCS11TOOL="pkcs11-tool"
export KEY_CONFIG=`${pkgs.easyrsa}/share/easy-rsa/whichopensslcnf ${pkgs.easyrsa}/share/easy-rsa/`
export KEY_DIR="$PWD/keys"
# PKCS11 fixes
# export PKCS11_MODULE_PATH="dummy"
# export PKCS11_PIN="dummy"
export KEY_SIZE=1024
export CA_EXPIRE=3650
export KEY_EXPIRE=3650
export KEY_COUNTRY="AT"
export KEY_PROVINCE="AT"
export KEY_CITY="Vienna"
export KEY_ORG="Gabriel"
export KEY_EMAIL="testing@gebner.org"
export KEY_CN=testing.gebner.org
export KEY_NAME=testing.gebner.org
export KEY_OU=testing
# export PKCS11_MODULE_PATH=changeme
# export PKCS11_PIN=1234
clean-all
build-dh
pkitool --initca
KEY_CN=git.gebner.org pkitool --server git
KEY_CN=imap.gebner.org pkitool --server mail
cp keys/ca.crt startssl.cert
cp keys/mail.crt mail.cert
cp keys/mail.key mail.key
cp keys/mail.key mail-dovecot.key && chown dovecot2 mail-dovecot.key
cp keys/git.crt git.cert
cp keys/git.key mastus.key
'';
};
systemd.services.setupVM = rec {
wantedBy = [ "gogs.service" "dovecot2.service" ];
before = wantedBy;
wants = [ "createSSLKeys.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
mkdir -p /srv/git.gebner.org
chown git:git -R /srv/git.gebner.org
'';
};
};
nixos = import <nixpkgs/nixos> { configuration = configuration; };
in nixos.vm
Reference in New Issue View Git Blame Copy Permalink