diff --git a/nixos/linux.nix b/nixos/linux.nix
index 2e0ffc5..e0572eb 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -257,9 +257,16 @@ in {
 path = [ pkgs.openssl ];
 script = ''
 SSL_DIR=/var/coldairnetworks-db/ssl
+ NEEDS_REGEN=0
 if [ ! -f "$SSL_DIR/server.crt" ]; then
+ NEEDS_REGEN=1
+ elif ! openssl x509 -in "$SSL_DIR/server.crt" -text -noout 2>/dev/null | grep -q "db.coldairnetworks.com"; then
+ NEEDS_REGEN=1
+ fi
+ if [ "$NEEDS_REGEN" = "1" ]; then
 openssl req -new -x509 -days 3650 -nodes \
 -subj "/CN=mainframe.philippeterson.com" \
+ -addext "subjectAltName=DNS:mainframe.philippeterson.com,DNS:db.coldairnetworks.com" \
 -keyout "$SSL_DIR/server.key" \
 -out "$SSL_DIR/server.crt"
 chmod 600 "$SSL_DIR/server.key"
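Review bot: The SAN check on the added `elif` line greps the whole `-text` dump with an unanchored regex, so it also succeeds when `db.coldairnetworks.com` appears only in the Subject or Issuer, and the unescaped dots match any character; a certificate that still lacks the SAN entry could be kept. Restrict the match to the extension and make it literal: `elif ! openssl x509 -in "$SSL_DIR/server.crt" -noout -ext subjectAltName 2>/dev/null | grep -qF "DNS:db.coldairnetworks.com"; then` (`-ext` needs OpenSSL 1.1.1, which `-addext` already requires). Regeneration also overwrites `server.key` in place, so any client that trusts or pins the previous self-signed certificate will need the new one; a short comment above the `if [ "$NEEDS_REGEN" = "1" ]` line saying so would help the next maintainer. The script body continues outside the hunk.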