nixos/kubernetes: adds argument to mkCert defaulting to kubernetes group

2025-02-10 14:14:20 +00:00 · 2024-06-21 21:26:08 -03:00 · 2024-06-21 21:26:08 -03:00 · a5deaf9e93
commit a5deaf9e93
parent 1b1de8b52b
1 changed files with 2 additions and 2 deletions
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@ -61,13 +61,13 @@ let
  etcdEndpoints = ["https://${cfg.masterAddress}:2379"];

  mkCert = { name, CN, hosts ? [], fields ? {}, action ? "",
-             privateKeyOwner ? "kubernetes" }: rec {
+             privateKeyOwner ? "kubernetes", privateKeyGroup ? "kubernetes" }: rec {
    inherit name caCert CN hosts fields action;
    cert = secret name;
    key = secret "${name}-key";
    privateKeyOptions = {
      owner = privateKeyOwner;
-      group = "nogroup";
+      group = privateKeyGroup;
      mode = "0600";
      path = key;
    };