manage certs on darwin via nix

Cyryl Płotnicki 2022-10-05 14:04:38 +01:00
parent f444bbf342
commit bb9710df8a
2 changed files with 33 additions and 7 deletions


@ -1,4 +1,11 @@
{ config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }: { { config, pkgs, inputs, lib, nixpkgs-nixos-unstable-and-unfree, ... }:
let
system_cert_bundle_path = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
form3_cert_path = ./form3-palo-alto.pem;
form3_cert_bundle = builtins.toFile "form3-cert-bundle.crt"
(builtins.readFile system_cert_bundle_path
+ builtins.readFile form3_cert_path);
in {
environment.systemPackages = with pkgs; [ vim nixfmt ]; environment.systemPackages = with pkgs; [ vim nixfmt ];
imports = [ ../../git ../../mercurial ]; imports = [ ../../git ../../mercurial ];
@ -31,14 +38,13 @@
source-code-pro source-code-pro
weather-icons weather-icons
]; ];
security.pki.certificateFiles = [ security.pki.certificateFiles = [ form3_cert_path system_cert_bundle_path ];
"/Users/Shared/form3-certs/form3-palo-alto.pem"
"${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
];
environment.variables = { environment.variables = {
NIX_SSL_CERT_FILE = "/Users/cyryl/certs/bundle.crt"; NIX_SSL_CERT_FILE = form3_cert_bundle;
BUNDLE_SSL_CA_CERT = form3_cert_bundle;
CARGO_NET_GIT_FETCH_WITH_CLI = "true";
}; };
programs.zsh.enable = true; # default shell on catalina programs.zsh.enable = true;
system.stateVersion = 4; system.stateVersion = 4;
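Review bot: The bundle built in the `let` block joins the two files with a bare `+`, so if `ca-bundle.crt` ever lacks a trailing newline, the last public root and the Form3 certificate fuse into one malformed PEM block and a parser may drop one or both; `(builtins.readFile system_cert_bundle_path + "\n" + builtins.readFile form3_cert_path)` removes that dependency. Because `environment.variables` exports this bundle as `NIX_SSL_CERT_FILE` and `BUNDLE_SSL_CA_CERT`, the committed `form3-palo-alto.pem` becomes a trust root for every tool that reads those variables, yet nothing in the section records which certificate is expected. A comment beside `form3_cert_path` such as `# Form3 Palo Alto CA; SHA-256 fingerprint <FINGERPRINT>, expires <DATE>; verify out of band before replacing` would make a later swap of that file visible in review. The same two inputs are also listed separately in `security.pki.certificateFiles`, so the two trust definitions can drift apart; deriving both from one list would presumably avoid that.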


@ -0,0 +1,20 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----