From: Scott Worley <scottworley@scottworley.com>
Date: Thu, 25 Sep 2025 22:13:03 +0000 (-0700)
Subject: Option to print the certificate during activation
X-Git-Url: http://git.scottworley.com/nixos-make-certs/commitdiff_plain/6c45062740e80eefefe5f0537495e65bfd6ebae2?ds=sidebyside

Option to print the certificate during activation

This makes it easy to extract certificates from VMs.
---

diff --git a/modules/make-certs.nix b/modules/make-certs.nix
index 812c5a0..e77c84d 100644
--- a/modules/make-certs.nix
+++ b/modules/make-certs.nix
@@ -19,6 +19,9 @@ let
             escapeShellArg key-path
           }
         fi
+      '' + lib.optionalString cert-cfg.print ''
+        echo Public certificate for ${escapeShellArg name}: >&2
+        ${pkgs.coreutils}/bin/cat ${escapeShellArg pem-path} >&2
       '';
     };
 in {
@@ -38,6 +41,11 @@ in {
             # so just make really long-lived certificates for now.
             default = "99999";
           };
+          print = lib.mkOption {
+            type = lib.types.bool;
+            description = "If set, print the certificate (public key) during activation.";
+            default = false;
+          };
           user = lib.mkOption {
             type = lib.types.str;
             description = "The username that owns (can read) the secret key.";