mirror of
https://github.com/NixOS/nixpkgs.git
synced 2025-01-24 05:44:13 +00:00
3d820d5ba1
Now the service starts up if only the services.taskserver.enable option
is set to true.
We now also have three systemd services (started in this order):
* taskserver-init: For creating the necessary data directory and also
includes a refecence to the configuration file in
the Nix store.
* taskserver-ca: Only enabled if none of the server.key, server.cert,
server.crl and caCert options are set, so we can
allow for certificates that are issued by another
CA.
This service creates a new CA key+certificate and a
server key+certificate and signs the latter using
the CA key.
The permissions of these keys/certs are set quite
strictly to allow only the root user to sign
certificates.
* taskserver: The main Taskserver service which just starts taskd.
We now also log to stdout and thus to the journal.
Of course, there are still a few problems left to solve, for instance:
* The CA currently only signs the server certificates, so it's
only usable for clients if the server doesn't validate client certs
(which is kinda pointless).
* Using "taskd <command>" is currently still a bit awkward to use, so
we need to properly wrap it in environment.systemPackages to set the
dataDir by default.
* There are still a few configuration options left to include, for
example the "trust" option.
* We might want to introduce an extraConfig option.
* It might be useful to allow for declarative configuration of
organisations and users, especially when it comes to creating client
certificates.
* The right signal has to be sent for the taskserver service to reload
properly.
* Currently the CA and server certificates are created using
server.host as the common name and doesn't set additional certificate
information. This could be improved by adding options that explicitly
set that information.
As for the config file, we might need to patch taskd to allow for
setting not only --data but also a --cfgfile, which then omits the
${dataDir}/config file. We can still use the "include" directive from
the file specified using --cfgfile in order to chainload
${dataDir}/config.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
|
||
|---|---|---|
| .. | ||
| apache-kafka.nix | ||
| autofs.nix | ||
| bepasty.nix | ||
| calibre-server.nix | ||
| canto-daemon.nix | ||
| cfdyndns.nix | ||
| cgminer.nix | ||
| confd.nix | ||
| cpuminer-cryptonight.nix | ||
| defaultUnicornConfig.rb | ||
| devmon.nix | ||
| dictd.nix | ||
| disnix.nix | ||
| docker-registry.nix | ||
| etcd.nix | ||
| felix.nix | ||
| folding-at-home.nix | ||
| gammu-smsd.nix | ||
| gitit.nix | ||
| gitlab.nix | ||
| gitlab.xml | ||
| gitolite.nix | ||
| gpsd.nix | ||
| ihaskell.nix | ||
| mantisbt.nix | ||
| mathics.nix | ||
| matrix-synapse-log_config.yaml | ||
| matrix-synapse.nix | ||
| mbpfan.nix | ||
| mediatomb.nix | ||
| mesos-master.nix | ||
| mesos-slave.nix | ||
| mwlib.nix | ||
| nix-daemon.nix | ||
| nix-gc.nix | ||
| nix-ssh-serve.nix | ||
| nixos-manual.nix | ||
| octoprint.nix | ||
| parsoid.nix | ||
| phd.nix | ||
| plex.nix | ||
| redmine.nix | ||
| ripple-data-api.nix | ||
| ripple-rest.nix | ||
| rippled.nix | ||
| rogue.nix | ||
| siproxd.nix | ||
| spice-vdagentd.nix | ||
| subsonic.nix | ||
| sundtek.nix | ||
| svnserve.nix | ||
| synergy.nix | ||
| taskserver.nix | ||
| uhub.nix | ||
| zookeeper.nix | ||