Diffstat (limited to 'nixos/modules/security/acme/mk-cert-ownership-assertion.nix')
-rw-r--r-- | nixos/modules/security/acme/mk-cert-ownership-assertion.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/nixos/modules/security/acme/mk-cert-ownership-assertion.nix b/nixos/modules/security/acme/mk-cert-ownership-assertion.nix
new file mode 100644
index 0000000000000..b80d89aeb9fc6
--- /dev/null
+++ b/nixos/modules/security/acme/mk-cert-ownership-assertion.nix
@@ -0,0 +1,4 @@
+{ cert, group, groups, user }: {
+ assertion = cert.group == group || builtins.any (u: u == user) groups.${cert.group}.members;
+ message = "Group for certificate ${cert.domain} must be ${group}, or user ${user} must be a member of group ${cert.group}";
+}
|
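Review bot: The `groups.${cert.group}.members` lookup on the `assertion` line aborts evaluation with a missing-attribute error when `cert.group` names a group that is absent from `groups`, so the operator never reaches the `message` that explains the ownership requirement. Defaulting the lookup keeps that case inside the assertion: `assertion = cert.group == group || builtins.elem user (groups.${cert.group}.members or []);`. The callers are not visible in this hunk; if they pass `config.users.groups`, membership granted only through a user's `extraGroups` may not be reflected in `members`, so a short comment above the function stating which membership sources the check recognises would help anyone relying on it to confirm a service account can read the certificate files.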