test -s "$PASSWORD_STORE_DIR/${cert.passPrefix}/${id}/key.pem.gpg" || {
info " generateKey: $PASSWORD_STORE_DIR/${cert.passPrefix}/${id}/key.pem.gpg"
${pkgs.openssl}/bin/openssl genrsa \
- -out stdout \
-rand /dev/urandom \
${toString cert.keySize} |
${pkgs.pass}/bin/pass insert --multiline "${cert.passPrefix}/${id}/key.pem"
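Review bot: With `-out stdout` gone the key travels only through the pipe on the last two lines of the hunk, but the pipeline's exit status is that of `pass insert`, so a failing `openssl genrsa` (unusable `cert.keySize`, missing binary) still stores an empty entry, and the `test -s` guard on the first line then treats that entry as an existing key on every later run. Unless the enclosing script already sets `pipefail` (its prologue is outside this hunk, and the `set -eu` in the next hunk belongs to a different script), guard the pipeline, e.g. `set -o pipefail` ahead of it, or generate the key into a variable first and call `pass insert` only when `openssl` succeeded. The enclosing `generateKey` block starts before this hunk.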
set -eu
# SYNTAX: $url
x509="''${x509:-x509}"
- url="$1"
+ url="$1"; shift
host=$(
printf %s "$url" |
${pkgs.gnused}/bin/sed \
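Review bot: The `# SYNTAX: $url` comment above the assignment is now incomplete, because the added `shift` implies that further arguments are expected after the URL and consumed later; what the rest of the script does with them is outside this hunk. Update the usage comment to list them, e.g. `# SYNTAX: $url [ADDITIONAL-ARGS... — fill in what the script passes them to]`, so a reader of the header does not assume the script takes a single argument. The `host=$( … )` command substitution that starts at the end of the hunk continues outside it.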
mkdir -p "x509/$host"
begin="-----BEGIN CERTIFICATE-----"
end="-----END CERTIFICATE-----"
+ set -x
echo |
- "$tool"/openssl s_client \
+ ${pkgs.openssl}/bin/openssl s_client \
-showcerts \
-servername "$servername" \
-connect "$host" \
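Review bot: The added `set -x` reads like a debugging leftover rather than part of the change that replaces `"$tool"/openssl` with the store path, and it stays on for everything after this point, which is outside the hunk. Tracing writes every expanded command line to stderr; nothing secret appears in the arguments visible here (`$servername`, `$host`), but it will mix trace output into any caller that captures the script's stderr. If tracing is meant to stay, make it opt-in with the same escaped form the script already uses for `x509="''${x509:-x509}"`, e.g. `if [ -n "''${DEBUG:-}" ]; then set -x; fi` (variable name constructed); otherwise drop the line.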
options.openssl = {
enable = lib.mkEnableOption "Configuration of X.509 certificates";
opensslHome = lib.mkOption {
- type = types.path;
+ type = types.str;
default = "sec/openssl";
description = ''
OpenSSL's directory.
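Review bot: Switching `opensslHome` to `types.str` drops the validation that `types.path` provided, so an empty string or a value with embedded whitespace is now accepted silently, and the relative default `sec/openssl` is only meaningful relative to a working directory that the description does not name. Extend the description, which continues past the end of this hunk, to say what relative values are resolved against, e.g. `Directory holding the OpenSSL material. Relative values are resolved against <the directory the scripts run in — confirm>.`, and consider `types.nonEmptyStr` if the nixpkgs in use provides it, so at least the empty-string case is rejected at evaluation time.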