# Create certificates if they do not exist yet
dir="${cfg.certificateDirectory}"
fqdn="${cfg.hostPrefix}.${cfg.domain}"
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
key="''${dir}/key-${cfg.domain}.pem";
cert="''${dir}/cert-${cfg.domain}.pem";

if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
then
  mkdir -p "${cfg.certificateDirectory}"
  (umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "''${key}" 2048) &&
      "${pkgs.openssl}/bin/openssl" req -new -key "''${key}" -x509 -subj "/CN=''${fqdn}" \
              -days 3650 -out "''${cert}"
fi

# vim: set filetype=sh