Provide symlinks to ca-bundle.crt for compat with other distros

There is no "standard" location for the certificate bundle, so many programs/libraries have various hard-coded default locations that don't exist on NixOS. To make these more likely to work, provide some symlinks.
2015-02-15 18:55:07 +01:00 · 2015-02-15 18:55:07 +01:00 · 75e1b5e317
commit 75e1b5e317
parent ca2d7774e0
1 changed files with 20 additions and 12 deletions
--- a/nixos/modules/security/ca.nix
+++ b/nixos/modules/security/ca.nix
@ -2,6 +2,19 @@

 with lib;

+let
+
+  caBundle = pkgs.runCommand "ca-bundle.crt"
+    { files =
+        config.security.pki.certificateFiles ++
+        [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
+     }
+    ''
+      cat $files > $out
+    '';
+
+in
+
 {

  options = {
@ -42,18 +55,13 @@ with lib;

    security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ];

-    environment.etc =
-      [ { source = pkgs.runCommand "ca-bundle.crt"
-          { files =
-              config.security.pki.certificateFiles ++
-              [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
-           }
-          ''
-            cat $files > $out
-          '';
-          target = "ssl/certs/ca-bundle.crt";
-        }
-      ];
+    environment.etc."ssl/certs/ca-bundle.crt".source = caBundle;
+
+    # CentOS/Fedora compatibility.
+    environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle;
+
+    # Debian/Ubuntu/Arch/Gentoo compatibility.
+    environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;

    environment.sessionVariables =
      { SSL_CERT_FILE          = "/etc/ssl/certs/ca-bundle.crt";