nixos-mailserver/mail-server/script/create_certificate

17 lines
573 B
Bash

# Create certificates if they do not exist yet
dir="${cfg.certificateDirectory}"
fqdn="${cfg.hostPrefix}.${cfg.domain}"
case $fqdn in /*) fqdn=$(cat "$fqdn");; esac
key="''${dir}/key-${cfg.domain}.pem";
cert="''${dir}/cert-${cfg.domain}.pem";
if [ ! -f "''${key}" ] || [ ! -f "''${cert}" ]
then
mkdir -p "${cfg.certificateDirectory}"
(umask 077; "${pkgs.openssl}/bin/openssl" genrsa -out "''${key}" 2048) &&
"${pkgs.openssl}/bin/openssl" req -new -key "''${key}" -x509 -subj "/CN=''${fqdn}" \
-days 3650 -out "''${cert}"
fi
# vim: set filetype=sh