From 4bdadd098d966ea53eba99743959040414096644 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Torjus=20H=C3=A5kestad?= Date: Sat, 30 Nov 2024 19:50:42 +0100 Subject: [PATCH] Add internal CA --- home/packages/default.nix | 1 + system/default.nix | 1 + system/root-ca.crt | 12 ++++++++++++ system/root-ca.nix | 9 +++++++++ 4 files changed, 23 insertions(+) create mode 100644 system/root-ca.crt create mode 100644 system/root-ca.nix diff --git a/home/packages/default.nix b/home/packages/default.nix index f50b635..48d156c 100644 --- a/home/packages/default.nix +++ b/home/packages/default.nix @@ -45,6 +45,7 @@ in ripgrep sops sshfs + step-cli tea tldr tokei diff --git a/system/default.nix b/system/default.nix index ce7c693..cc71da1 100644 --- a/system/default.nix +++ b/system/default.nix @@ -1,6 +1,7 @@ { imports = [ ./fonts.nix + ./root-ca.nix ./fwupd.nix ./git.nix ./greetd.nix diff --git a/system/root-ca.crt b/system/root-ca.crt new file mode 100644 index 0000000..15d8ec5 --- /dev/null +++ b/system/root-ca.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIBxDCCAWmgAwIBAgIQQCSzuOLIKLj1dGbC+NFttjAKBggqhkjOPQQDAjBAMRow +GAYDVQQKExFob21lLjJyanVzLm5ldCBDQTEiMCAGA1UEAxMZaG9tZS4ycmp1cy5u +ZXQgQ0EgUm9vdCBDQTAeFw0yNDEwMjEwOTEyNDRaFw0zNDEwMTkwOTEyNDRaMEAx +GjAYBgNVBAoTEWhvbWUuMnJqdXMubmV0IENBMSIwIAYDVQQDExlob21lLjJyanVz +Lm5ldCBDQSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEGDE4ss9y +9msphQ/Sa/tAoEaGoDHQcg5oRcxWL5SZYjUPNl+zbRZzqkvCz2S1XrHJPiPWbyJX +cZAlPxbwZrWDyKNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C +AQEwHQYDVR0OBBYEFPZx6AahX5diBMChZbv5N4dh+vCTMAoGCCqGSM49BAMCA0kA +MEYCIQC6yqMM9/s1Dct5jlq0NAGsDA68hVTDcO3RP61lxQlfBwIhAL1jlmIwaSJc +TjdIMjPQ3ombBRqDJBDvDr8o6oOUjret +-----END CERTIFICATE----- diff --git a/system/root-ca.nix b/system/root-ca.nix new file mode 100644 index 0000000..5e5ff78 --- /dev/null +++ b/system/root-ca.nix @@ -0,0 +1,9 @@ +{ pkgs, ... }: +{ + security.pki = { + certificateFiles = [ + "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" + ./root-ca.crt + ]; + }; +}