From 03a4a1a7ef93da620f5b976151e0bd2136b8a2a1 Mon Sep 17 00:00:00 2001
From: Philip Peterson <1326208+philip-peterson@users.noreply.github.com>
Date: Thu, 25 Jun 2026 03:26:19 -0700
Subject: [PATCH] tweak SAN
---
 nixos/linux.nix | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/nixos/linux.nix b/nixos/linux.nix
index 2e0ffc5..e0572eb 100644
--- a/nixos/linux.nix
+++ b/nixos/linux.nix
@@ -257,9 +257,16 @@ in {
 path = [ pkgs.openssl ];
 script = ''
 SSL_DIR=/var/coldairnetworks-db/ssl
+ NEEDS_REGEN=0
 if [ ! -f "$SSL_DIR/server.crt" ]; then
+ NEEDS_REGEN=1
+ elif ! openssl x509 -in "$SSL_DIR/server.crt" -text -noout 2>/dev/null | grep -q "db.coldairnetworks.com"; then
+ NEEDS_REGEN=1
+ fi
+ if [ "$NEEDS_REGEN" = "1" ]; then
 openssl req -new -x509 -days 3650 -nodes \
 -subj "/CN=mainframe.philippeterson.com" \
+ -addext "subjectAltName=DNS:mainframe.philippeterson.com,DNS:db.coldairnetworks.com" \
 -keyout "$SSL_DIR/server.key" \
 -out "$SSL_DIR/server.crt"
 chmod 600 "$SSL_DIR/server.key"
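Review bot: The SAN check in the new `elif` greps the whole `-text` dump with an unanchored regex, so `db.coldairnetworks.com` appearing in the subject or issuer, or inside a longer name, counts as a match and regeneration is skipped even though the SAN entry that clients verify against is absent. Reading only the extension and matching a fixed string is tighter: `elif ! openssl x509 -in "$SSL_DIR/server.crt" -noout -ext subjectAltName 2>/dev/null | grep -qF "DNS:db.coldairnetworks.com"; then`. Regeneration also overwrites `server.key`, so any client that pinned the old self-signed certificate has to re-trust the new one; a comment above `NEEDS_REGEN=0` such as `# Regenerate key and cert when the cert is missing or lacks the db SAN`, plus an `echo` when it fires, would make that visible in the unit log. The script body starts and ends outside the hunk.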