tv pki: immigrate certificate environment

2 files changed, 15 insertions, 9 deletions

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index ac0a6af4..4fc755c4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -17,6 +17,7 @@ with import <stockholm/lib>;
     ./bash
     ./htop.nix
     ./nginx
+    ./pki
     ./ssh.nix
     ./sshd.nix
     ./vim.nix
@@ -91,15 +92,6 @@ with import <stockholm/lib>;
     }
 
     {
-      environment.variables =
-        flip genAttrs (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt") [
-          "CURL_CA_BUNDLE"
-          "GIT_SSL_CAINFO"
-          "SSL_CERT_FILE"
-        ];
-    }
-
-    {
       services.cron.enable = false;
       services.nscd.enable = false;
       services.ntp.enable = false;
diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix
new file mode 100644
index 00000000..f22b9a6d
--- /dev/null
+++ b/tv/2configs/pki/default.nix
@@ -0,0 +1,14 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+  certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
+
+in {
+
+  environment.variables = flip genAttrs (_: toString certFile) [
+    "CURL_CA_BUNDLE"
+    "GIT_SSL_CAINFO"
+    "SSL_CERT_FILE"
+  ];
+
+}