Ensure cert creation runs after user creation
authorScott Worley <scottworley@scottworley.com>
Wed, 22 Oct 2025 04:36:30 +0000 (21:36 -0700)
committerScott Worley <scottworley@scottworley.com>
Wed, 22 Oct 2025 04:36:30 +0000 (21:36 -0700)
So we can set ownership.

modules/make-certs.nix

index e77c84dfdc59ae6959a8170b6746ae46cdf31e9a..a7dae4b552f4346051c4ca01614ff7bc7c58d635 100644 (file)
@@ -1,13 +1,13 @@
 { lib, config, pkgs, ... }:
 let
-  inherit (lib) escapeShellArg;
+  inherit (lib) escapeShellArg stringAfter;
   mkActvationScript = name: cert-cfg:
     let
       pem-path = "${cert-cfg.dir}/${name}.pem";
       key-path = "${cert-cfg.dir}/${name}.key";
     in {
       name = "make-cert-${name}";
-      value = ''
+      value = stringAfter [ "users" ] (''
         if [[ ! -e ${escapeShellArg pem-path} ]];then
           ${pkgs.coreutils}/bin/mkdir -p ${escapeShellArg cert-cfg.dir}
           ${pkgs.openssl}/bin/openssl req -batch -x509 -newkey rsa:4096 \
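Review bot: The `stringAfter [ "users" ]` wrapper on `value` only orders this snippet after the `users` activation script, so the ordering helps only where accounts are actually created by that script. On hosts that create accounts from a systemd unit instead (`systemd.sysusers.enable` or `services.userborn.enable`, to be confirmed for the nixpkgs release in use), the intended owner may still be missing at first activation. The ownership step itself is outside this hunk; if it sits inside the `if [[ ! -e ${escapeShellArg pem-path} ]]` guard, a failed ownership change would presumably not be retried once the certificate exists, leaving the private key with whatever owner and mode it was created with. I would add a comment above `value`, `# After "users": the key and cert are handed to an account that must already exist.`, and confirm that the ownership step either fails loudly or is re-applied on every activation. The script body continues between this hunk and the next, so the key-file handling could not be reviewed here.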
@@ -22,7 +22,7 @@ let
       '' + lib.optionalString cert-cfg.print ''
         echo Public certificate for ${escapeShellArg name}: >&2
         ${pkgs.coreutils}/bin/cat ${escapeShellArg pem-path} >&2
-      '';
+      '');
     };
 in {
   options = {