Provide symlinks to ca-bundle.crt for compat with other distros
There is no "standard" location for the certificate bundle, so many programs/libraries have various hard-coded default locations that don't exist on NixOS. To make these more likely to work, provide some symlinks.
parent
ca2d7774e0
commit
75e1b5e317
@ -2,6 +2,19 @@
|
|||||||
|
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
|
let
|
||||||
|
|
||||||
|
caBundle = pkgs.runCommand "ca-bundle.crt"
|
||||||
|
{ files =
|
||||||
|
config.security.pki.certificateFiles ++
|
||||||
|
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
|
||||||
|
}
|
||||||
|
''
|
||||||
|
cat $files > $out
|
||||||
|
'';
|
||||||
|
|
||||||
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
options = {
|
options = {
|
||||||
@ -42,18 +55,13 @@ with lib;
|
|||||||
|
|
||||||
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ];
|
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ];
|
||||||
|
|
||||||
environment.etc =
|
environment.etc."ssl/certs/ca-bundle.crt".source = caBundle;
|
||||||
[ { source = pkgs.runCommand "ca-bundle.crt"
|
|
||||||
{ files =
|
# CentOS/Fedora compatibility.
|
||||||
config.security.pki.certificateFiles ++
|
environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle;
|
||||||
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
|
|
||||||
}
|
# Debian/Ubuntu/Arch/Gentoo compatibility.
|
||||||
''
|
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
|
||||||
cat $files > $out
|
|
||||||
'';
|
|
||||||
target = "ssl/certs/ca-bundle.crt";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
environment.sessionVariables =
|
environment.sessionVariables =
|
||||||
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||||
|
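Review bot: The `cat $files > $out` in the new `caBundle` binding (first hunk) joins its inputs with no separator, so if any entry of `security.pki.certificateFiles` lacks a trailing newline, its `-----END CERTIFICATE-----` line fuses with the next file's `-----BEGIN CERTIFICATE-----`, and PEM parsers may reject or skip certificates at that boundary. Now that the same bundle is exposed at three hard-coded paths, a malformed bundle would affect every consumer at once; consider `for f in $files; do cat "$f"; echo; done > $out`. The `environment.etc."ssl/certs/ca-bundle.crt"` line in the second hunk could also carry a comment like its two siblings, e.g. `# NixOS default location; SSL_CERT_FILE below points here.`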