Diffstat (limited to 'nixos/modules/security/acme/mk-cert-ownership-assertion.nix')
-rw-r--r--nixos/modules/security/acme/mk-cert-ownership-assertion.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/security/acme/mk-cert-ownership-assertion.nix b/nixos/modules/security/acme/mk-cert-ownership-assertion.nix
new file mode 100644
index 00000000000..b80d89aeb9f
--- /dev/null
+++ b/nixos/modules/security/acme/mk-cert-ownership-assertion.nix
@@ -0,0 +1,4 @@
+{ cert, group, groups, user }: {
+  assertion = cert.group == group || builtins.any (u: u == user) groups.${cert.group}.members;
+  message = "Group for certificate ${cert.domain} must be ${group}, or user ${user} must be a member of group ${cert.group}";
+}
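Review bot: On line 17 the right-hand side of `||` indexes `groups.${cert.group}.members` without checking that `cert.group` exists in `groups`, so when the certificate's group is unknown the evaluation aborts with an attribute-missing error instead of surfacing this assertion's message. A default keeps the failure path readable: `assertion = cert.group == group || builtins.any (u: u == user) (groups.${cert.group}.members or []);`. Whether callers already guarantee the group is declared is not visible from this file, so this may be defensive only. The check also considers only `members` of the group; a user whose membership is declared through the user's `extraGroups` would not satisfy it, which is worth a short header comment such as `# Membership is checked via groups.<name>.members only, not users.<name>.extraGroups.`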