From a5deaf9e935f716ed3200c37abc656108c21cfad Mon Sep 17 00:00:00 2001
From: "Pedro O. A. Regis" <pedroalencarregis@hotmail.com>
Date: Fri, 21 Jun 2024 21:26:08 -0300
Subject: [PATCH] nixos/kubernetes: adds argument to mkCert defaulting to
 kubernetes group

---
 nixos/modules/services/cluster/kubernetes/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/services/cluster/kubernetes/default.nix b/nixos/modules/services/cluster/kubernetes/default.nix
index 89bbedf4d040..37f0593d3234 100644
--- a/nixos/modules/services/cluster/kubernetes/default.nix
+++ b/nixos/modules/services/cluster/kubernetes/default.nix
@@ -61,13 +61,13 @@ let
   etcdEndpoints = ["https://${cfg.masterAddress}:2379"];
 
   mkCert = { name, CN, hosts ? [], fields ? {}, action ? "",
-             privateKeyOwner ? "kubernetes" }: rec {
+             privateKeyOwner ? "kubernetes", privateKeyGroup ? "kubernetes" }: rec {
     inherit name caCert CN hosts fields action;
     cert = secret name;
     key = secret "${name}-key";
     privateKeyOptions = {
       owner = privateKeyOwner;
-      group = "nogroup";
+      group = privateKeyGroup;
       mode = "0600";
       path = key;
     };