# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
  lib,
  stdenv,
  sqlite,
  cfssl,
  k8s,
  all_hostnames,
  controllers,
  ...
}:
let
  get_hostnames = (
    hostname: (builtins.concatStringsSep "," ([ hostname ] ++ controllers."${hostname}".internal_ips))
  );
  install_body = (
    lib.concatMapStringsSep "\n" (hostname: ''
      cfssl gencert \
            -ca=${k8s.requestheader-client-ca}/requestheader-client-ca.pem \
            -ca-key=${k8s.requestheader-client-ca}/requestheader-client-ca-key.pem \
            -config=${./files/ca-config.json} \
            -hostname=${get_hostnames hostname} \
            -profile=kubernetes \
            ${./files}/${hostname}-proxy-csr.json | cfssljson -bare ${hostname}-proxy
    '') (builtins.attrNames controllers)
  );
in
stdenv.mkDerivation (finalAttrs: {
  name = "k8s-controller-proxy";
  nativeBuildInputs = [ cfssl ];
  buildInputs = [ ];

  unpackPhase = "true";

  installPhase = ''
    mkdir -p "$out"
    cd "$out"
  ''
  + install_body;
})