From f940a179053e54de0d46aada5b42502f7563f45f Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 20 Apr 2019 18:54:58 +0200
Subject: tv pki: immigrate certificate environment

---
 tv/2configs/default.nix     | 10 +---------
 tv/2configs/pki/default.nix | 14 ++++++++++++++
 2 files changed, 15 insertions(+), 9 deletions(-)
 create mode 100644 tv/2configs/pki/default.nix

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index ac0a6af4..4fc755c4 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -17,6 +17,7 @@ with import <stockholm/lib>;
     ./bash
     ./htop.nix
     ./nginx
+    ./pki
     ./ssh.nix
     ./sshd.nix
     ./vim.nix
@@ -90,15 +91,6 @@ with import <stockholm/lib>;
       };
     }
 
-    {
-      environment.variables =
-        flip genAttrs (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt") [
-          "CURL_CA_BUNDLE"
-          "GIT_SSL_CAINFO"
-          "SSL_CERT_FILE"
-        ];
-    }
-
     {
       services.cron.enable = false;
       services.nscd.enable = false;
diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix
new file mode 100644
index 00000000..f22b9a6d
--- /dev/null
+++ b/tv/2configs/pki/default.nix
@@ -0,0 +1,14 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+  certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
+
+in {
+
+  environment.variables = flip genAttrs (_: toString certFile) [
+    "CURL_CA_BUNDLE"
+    "GIT_SSL_CAINFO"
+    "SSL_CERT_FILE"
+  ];
+
+}
-- 
cgit v1.2.3