1 files changed, 25 insertions, 0 deletions
diff --git a/tools/ca/default.nix b/tools/ca/default.nix
new file mode 100644
index 00000000..c5fe0cea
--- /dev/null
+++ b/tools/ca/default.nix
@@ -0,0 +1,25 @@
+{ system, self, mach-nix, leapseconds, ... }:
+let
+  pkgs = self.legacyPackages.${system};
+in mach-nix.lib.${system}.buildPythonPackage {
+  pname = "ca";
+  src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^ca(/[^/]+.*)?$"];
+  version = "0.0.0";
+  ignoreDataOutdated = true;
+  requirements = ''
+    cryptography >=38.0.0
+    fqdn
+    atomicwrites
+    leapseconddata
+    xkcdpass
+  '';
+  _.cryptography.buildInputs = with pkgs; [ openssl ];
+  postInstall = ''
+    wrapProgram $out/bin/ca \
+      --set-default LEAPSECONDS_FILE ${leapseconds} \
+      --prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
+  '';
+}

diff --git a/tools/ca/default.nix b/tools/ca/default.nix new file mode 100644 index 00000000..c5fe0cea --- /dev/null +++ b/tools/ca/default.nix
@@ -0,0 +1,25 @@
	1	{ system, self, mach-nix, leapseconds, ... }:
	2	let
	3	pkgs = self.legacyPackages.${system};
	4	in mach-nix.lib.${system}.buildPythonPackage {
	5	pname = "ca";
	6	src = pkgs.lib.sourceByRegex ./. ["^setup\.py$" "^ca(/[^/]+.*)?$"];
	7	version = "0.0.0";
	8	ignoreDataOutdated = true;
	9
	10	requirements = ''
	11	cryptography >=38.0.0
	12	fqdn
	13	atomicwrites
	14	leapseconddata
	15	xkcdpass
	16	'';
	17
	18	_.cryptography.buildInputs = with pkgs; [ openssl ];
	19
	20	postInstall = ''
	21	wrapProgram $out/bin/ca \
	22	--set-default LEAPSECONDS_FILE ${leapseconds} \
	23	--prefix PATH : ${pkgs.lib.makeBinPath (with pkgs; [sops])}
	24	'';
	25	}