author | makefu <github@syntax-fehler.de> | 2023-09-28 23:22:59 +0200 |
---|---|---|
committer | makefu <github@syntax-fehler.de> | 2023-09-28 23:22:59 +0200 |
commit | 2db6777b7caa37477c5ffddd99d69b2f2c6d9d7f (patch) | |
tree | a72905fad73089b7ab295a948eda837bad013362 /tv/2configs/pki/default.nix | |
parent | 29d72c898d674d2c18fc0f4a76b5e623de0c3dfe (diff) | |
parent | 0215fbddccf206801d94f52518cbfec91ccc3cc5 (diff) |
Merge remote-tracking branch 'lass/master'
Diffstat (limited to 'tv/2configs/pki/default.nix')
-rw-r--r-- | tv/2configs/pki/default.nix | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/tv/2configs/pki/default.nix b/tv/2configs/pki/default.nix
deleted file mode 100644
index 415755b16..000000000
--- a/tv/2configs/pki/default.nix
+++ /dev/null
@@ -1,68 +0,0 @@
-with import ./lib;
-{ config, pkgs, ... }: let
-
- certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
-
-in {
-
- environment.etc."pki/nssdb".source =
- pkgs.runCommand "system-wide-nssdb" {
- inherit certFile;
- buildInputs = [
- pkgs.jq
- pkgs.nssTools
- ];
- parseInfoScript = /* jq */ ''
- ${toJSON certFile} as $certFile |
-
- split("\t-----END CERTIFICATE-----\n")[] |
- select(test("\t-----BEGIN CERTIFICATE-----\n")) |
- . + "\t-----END CERTIFICATE-----\n" |
-
- sub("^([0-9]+\t\n)*";"") |
-
- (match("^([0-9]+)\t").captures[0].string | tonumber) as $lineNumber |
-
- gsub("(?m)^[0-9]+\t";"") |
-
- match("^([^\n]+)\n(.*)";"m").captures | map(.string) |
-
- # Line numbers are added to the names to ensure uniqueness.
- "\(.[0]) (\($certFile):\($lineNumber))" as $name |
- .[1] as $cert |
-
- { $name, $cert }
- '';
- passAsFile = [
- "parseInfoScript"
- ];
- } /* sh */ ''
- mkdir nssdb
-
- nl -ba -w1 "$certFile" |
- jq -ceRs -f "$parseInfoScriptPath" > certinfo.ndjson
-
- exec < certinfo.ndjson
- while read -r certinfo; do
- name=$(printf %s "$certinfo" | jq -er .name)
- cert=$(printf %s "$certinfo" | jq -er .cert)
-
- printf %s "$cert" | certutil -A -d nssdb -n "$name" -t C,C,C
- done
-
- mv nssdb "$out"
- '';
-
- environment.variables = flip genAttrs (_: toString certFile) [
- "CURL_CA_BUNDLE"
- "GIT_SSL_CAINFO"
- "SSL_CERT_FILE"
- ];
-
- security.pki.certificateFiles =
- mapAttrsToList
- (name: const (./certs + "/${name}"))
- (filterAttrs (const (eq "regular"))
- (readDir ./certs));
-
-} |