tv/2configs/pki/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

with import <stockholm/lib>;
{ config, ... }: let

  certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;

in {

  environment.variables = flip genAttrs (_: toString certFile) [
    "CURL_CA_BUNDLE"
    "GIT_SSL_CAINFO"
    "SSL_CERT_FILE"
  ];

  security.pki.certificateFiles =
    mapAttrsToList
      (name: const (./certs + "/${name}"))
      (filterAttrs (const (eq "regular"))
                   (readDir ./certs));

}