Coder Social home page Coder Social logo

stlsc.nix's Introduction

stlsc.nix

a sacrificial tls certificate packaged as a nix flake

usage

Recommended: stlsc.nix is available as a Flake, which you can wire up to your build system. If, however, you just need a one-off cert, you can download one (and all other associated information) from the most recent build artifacts.

For a complete example, see the devShell of systemgmi:

https://github.com/lincolnauster/systemgmi/blob/dev/flake.nix#L29

usage as an expression

stlsc.nix/flake.nix contains two primary outputs: defaultPackage.$system, and customCert.$system. Using the latter looks like this:

{
  out = stlsc.customCert.x86_64-linux {
    country = "US";
    state   = "NA";
    city    = "NA";
    org     = "help i'm trapped in a TLS cert factory";
    orgunit = "help";
    fqdn    = "example.com";
    email   = "[email protected]";
    pass    = "hunter2";
  };
}

Note that this requires supplying the password in plain text. If this bothers you, you probably shouldn't be using a sacrificial TLS cert. The defaultPackage output does exactly the same thing, but with slightly different default options (see all of them in flake.nix).

Outputs are as follows:

|               path | value                                       |
|--------------------|---------------------------------------------|
| `$out/pass`        | the password you set during creation        |
| `$out/privkey.pem` | the generated private key                   |
| `$out/privkey.pem` | the generated private key                   |
| `$out/tlscert.pem` | the generate self-signed tls cert           |
| `$out/tlscert.pfx` | PKCS#12 export of both the key and the cert |

security

no :). everything, including passwords and private keys, are written in plain text and world-readable in the nix store. this is called sacrifcial for a reason, and is just for spinning up quick development environments where a TLS certificate is a requirement but a good one is not.

todos

  • set up automated updating
  • set up automated testing
  • seeding the generation for determinism?
  • allow creation of certs with no passwords
  • docs:
    • put an example here
    • document the output files in result/

stlsc.nix's People

Contributors

oldaccountdeadname avatar github-actions[bot] avatar

Stargazers

Gean Marroquin avatar Sandalots avatar Jan-Erik Rediger avatar Florian Klein avatar Sascha avatar Yorick avatar Oleg Lebedev avatar Daniel Kahlenberg avatar

Watchers

James Cloos avatar avatar

stlsc.nix's Issues

bulid isn't deterministic

Random number generation is (obviously) used. It might be useful (?) to have a way to seed the RNG to keep builds deterministic.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.