From 0c4f3acb281be6290c55a6e96bc29fab5b5c7a11 Mon Sep 17 00:00:00 2001 From: tv Date: Mon, 11 Sep 2023 18:24:28 +0200 Subject: stockholm -> hrm --- tv/2configs/pki/certs/tv.crt | 31 -------------------- tv/2configs/pki/default.nix | 68 -------------------------------------------- tv/2configs/pki/lib | 1 - 3 files changed, 100 deletions(-) delete mode 100644 tv/2configs/pki/certs/tv.crt delete mode 100644 tv/2configs/pki/default.nix delete mode 120000 tv/2configs/pki/lib (limited to 'tv/2configs/pki') diff --git a/tv/2configs/pki/certs/tv.crt b/tv/2configs/pki/certs/tv.crt deleted file mode 100644 index ccb2623..0000000 --- a/tv/2configs/pki/certs/tv.crt +++ /dev/null @@ -1,31 +0,0 @@ -tv Root CA ------BEGIN CERTIFICATE----- -MIIFGzCCAwOgAwIBAgIUbLFkDA1OgKbej/FQiJZ4gpGPg/4wDQYJKoZIhvcNAQEL -BQAwFTETMBEGA1UEAwwKdHYgUm9vdCBDQTAeFw0xOTA0MjEwNzI1MTdaFw0yOTA0 -MTgwNzI1MTdaMBUxEzARBgNVBAMMCnR2IFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEB -AQUAA4ICDwAwggIKAoICAQDEVpZo1PLayK2AULwNtRY/2RIs/h+Uz1k/I7AY5o7H -HTD6pxNH3DZS82Y89nAHDVEnotK26TW6N1O2fBHUxH2GXVD+MaA/D9ngbNTJa7DW -2EThezOyesAbXk7dkoHh4Bouj5L7Ronka5+IREFmb3mHmcXLuR/sot9Pwr9A7Lwm -55Avv+VwMFnqVMXiCYQsDL7Mxf7Vm79+kXShpfDhNmHhyZc/xPjVk7lttSEp0LCq -hhJjte3xDGbk7OThTSxoqP+K4Ek7NGatCcm4AUZlDl1kLN2QKudYqj0VRQpfE+4Q -jMAAtttc/10MV0e08pRK0FvJsDsi70YZrHnDP6hIBrRNjC8iB/8rz2pjnYzgriUt -HHEDr26234VB5Zqhsi8pmXA16FVkoKlucADXXKEcR/3VreTvZLdSsP3OrDdSCwhi -H2W/7tshDPp+I9Q9fGNixry7PODbud1h/wLsq3Geg/U6VkDdl7uDNMB/O7LvlFaC -7jkHv/xFLqV1Xx9+yFMdJTKLf9jnIIjeINfV4VcJZDrtgGpnC6cYD5DNLA4j7Mny -EnBV9IRhmKiZLvUZP62dPhqIfSSPNxXV2+rT5ZfaXCuVe79R5npgJzF7/qslvnZ6 -0mjZfQdJiXY+/oT9zPUxTroFx7Qtda15aIVwXR+1cMRY/Hg/uBQyp7yWsvwhPYwH -awIDAQABo2MwYTAdBgNVHQ4EFgQUWYjGpR7J/UqggxQV87hBQ8ZT0qkwHwYDVR0j -BBgwFoAUWYjGpR7J/UqggxQV87hBQ8ZT0qkwDwYDVR0TAQH/BAUwAwEB/zAOBgNV -HQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAA++eAA7KLEd4n05n8w95sJ7 -cxqQSkVxV3ASnEUQRwVGo3CqEKcNufbCTG7KKGQFUi2Xd3/SWgnEiSZZWo06azbV -vlquG+9ilwnrnqfjlbUEjLMHDzukrEeIiRuFY7gZv6S2o4WkW/M9IPkP34+PRjip -AJ8kFcy7wLPaeH7OagslAVUcf68lMm+8W4U1g0HZaY2zXFgdRrIO1dXKlJ22Wh4X -fcblHjkASAGi+BK+xRJ9G7s3sie2wPyk+WKKv0Z+WheKf+L+TPBg2sJ+d25gW+gG -XNJSQOzCqSfHrCtcW1xkGgifog28/ymN03ggn8oMBUebOp+ayLkbPQDaj6te3y1v -YE0cfkzQ0T6sSzPzoOrwBEuSX8cLWTpzO2Zgqbf36UtHjgxi58vY46p7MjAInxAf -j+k67rF7qWH38drg4nfGjNgiEdeJw9dtDFdmso+ZiWipUyGF4VYh+Q6JnXDMF0+A -wXcYWa7ckXvVOLVpHJfrLDYTXznGnk2u4ToVNEk1j/klMRn96lxfFg04iv8fz8m6 -/Y8g0G1uIT5Mq9l68oZUoEkUHZabPNhYOiYtg4t5v/T3AIV8nm2A5jZYj0am26xT -iqF/tqL3alWXs9OHP7FNdrVWtwO8vcspYcd4mOHdAC/dmhq+77BowR5Lldx9T+mR -QT8jW9PXL0IH0wKMBXxf ------END CERTIFICATE----- diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix deleted file mode 100644 index 415755b..0000000 --- a/tv/2configs/pki/default.nix +++ /dev/null @@ -1,68 +0,0 @@ -with import ./lib; -{ config, pkgs, ... }: let - - certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source; - -in { - - environment.etc."pki/nssdb".source = - pkgs.runCommand "system-wide-nssdb" { - inherit certFile; - buildInputs = [ - pkgs.jq - pkgs.nssTools - ]; - parseInfoScript = /* jq */ '' - ${toJSON certFile} as $certFile | - - split("\t-----END CERTIFICATE-----\n")[] | - select(test("\t-----BEGIN CERTIFICATE-----\n")) | - . + "\t-----END CERTIFICATE-----\n" | - - sub("^([0-9]+\t\n)*";"") | - - (match("^([0-9]+)\t").captures[0].string | tonumber) as $lineNumber | - - gsub("(?m)^[0-9]+\t";"") | - - match("^([^\n]+)\n(.*)";"m").captures | map(.string) | - - # Line numbers are added to the names to ensure uniqueness. - "\(.[0]) (\($certFile):\($lineNumber))" as $name | - .[1] as $cert | - - { $name, $cert } - ''; - passAsFile = [ - "parseInfoScript" - ]; - } /* sh */ '' - mkdir nssdb - - nl -ba -w1 "$certFile" | - jq -ceRs -f "$parseInfoScriptPath" > certinfo.ndjson - - exec < certinfo.ndjson - while read -r certinfo; do - name=$(printf %s "$certinfo" | jq -er .name) - cert=$(printf %s "$certinfo" | jq -er .cert) - - printf %s "$cert" | certutil -A -d nssdb -n "$name" -t C,C,C - done - - mv nssdb "$out" - ''; - - environment.variables = flip genAttrs (_: toString certFile) [ - "CURL_CA_BUNDLE" - "GIT_SSL_CAINFO" - "SSL_CERT_FILE" - ]; - - security.pki.certificateFiles = - mapAttrsToList - (name: const (./certs + "/${name}")) - (filterAttrs (const (eq "regular")) - (readDir ./certs)); - -} diff --git a/tv/2configs/pki/lib b/tv/2configs/pki/lib deleted file mode 120000 index dc598c5..0000000 --- a/tv/2configs/pki/lib +++ /dev/null @@ -1 +0,0 @@ -../lib \ No newline at end of file -- cgit v1.2.3