stuff

2024-11-12 12:00:16 -08:00
parent 6f8c93442b
commit 80e57ba1a8
3 changed files with 20 additions and 15 deletions
--- a/common/default.nix
+++ b/common/default.nix
@@ -59,6 +59,10 @@ if !builtins.elem vacuModuleType expectedModuleTypes then builtins.throw "error:
        "server"
      ];
    };
+    vacu.vnopnCA = mkOption {
+      readOnly = true;
+      type = types.str;
+    };
  };
  config = {
    # vacu.systemKind = lib.mkIf (vacuModuleType == "plain") ("server"); #TODO: should be mkDefault, removed for debugging
@@ -85,21 +89,20 @@ if !builtins.elem vacuModuleType expectedModuleTypes then builtins.throw "error:
      url = "https://cache.nixos.org/";
      keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" ];
    };
-    vacu.rootCAs = [
-      ''
-        -----BEGIN CERTIFICATE-----
-        MIIBnjCCAUWgAwIBAgIBBTAKBggqhkjOPQQDAjAgMQswCQYDVQQGEwJVUzERMA8G
-        A1UEAxMIdm5vcG4gQ0EwHhcNMjQwODEyMjExNTQwWhcNMzQwODEwMjExNTQwWjAg
-        MQswCQYDVQQGEwJVUzERMA8GA1UEAxMIdm5vcG4gQ0EwWTATBgcqhkjOPQIBBggq
-        hkjOPQMBBwNCAARqRbSeq00FfYUGeCHVkzwrjrydI56T12xy+iut0c4PemSuhyxC
-        AgfdKYtDqMNZmSqMaLihzkBenD0bN5i0ndjho3AwbjAPBgNVHRMBAf8EBTADAQH/
-        MCwGA1UdHgEB/wQiMCCgGDAKhwgKTkwA///8ADAKgggudDJkLmxhbqEEMAKBADAO
-        BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAjSkbJQCQc1WP6nIP5iLDIKGFrdMAoG
-        CCqGSM49BAMCA0cAMEQCIFtyawkZqFhvzgmqG/mYNNO6DdsQTPQ46x/08yrEiiF4
-        AiA+FwAPqX+CBkaSdIhuhv1kIecmvacnDL5kpyB+9nDodw==
-        -----END CERTIFICATE-----
-      ''
-    ];
+    vacu.vnopnCA = ''
+      -----BEGIN CERTIFICATE-----
+      MIIBnjCCAUWgAwIBAgIBBTAKBggqhkjOPQQDAjAgMQswCQYDVQQGEwJVUzERMA8G
+      A1UEAxMIdm5vcG4gQ0EwHhcNMjQwODEyMjExNTQwWhcNMzQwODEwMjExNTQwWjAg
+      MQswCQYDVQQGEwJVUzERMA8GA1UEAxMIdm5vcG4gQ0EwWTATBgcqhkjOPQIBBggq
+      hkjOPQMBBwNCAARqRbSeq00FfYUGeCHVkzwrjrydI56T12xy+iut0c4PemSuhyxC
+      AgfdKYtDqMNZmSqMaLihzkBenD0bN5i0ndjho3AwbjAPBgNVHRMBAf8EBTADAQH/
+      MCwGA1UdHgEB/wQiMCCgGDAKhwgKTkwA///8ADAKgggudDJkLmxhbqEEMAKBADAO
+      BgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFAjSkbJQCQc1WP6nIP5iLDIKGFrdMAoG
+      CCqGSM49BAMCA0cAMEQCIFtyawkZqFhvzgmqG/mYNNO6DdsQTPQ46x/08yrEiiF4
+      AiA+FwAPqX+CBkaSdIhuhv1kIecmvacnDL5kpyB+9nDodw==
+      -----END CERTIFICATE-----
+    '';
+    vacu.rootCAs = [ config.vacu.vnopnCA ];

    vacu.ssh.authorizedKeys = {
      # pixel6pro-termux = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86";
--- a/common/defaultPackages.nix
+++ b/common/defaultPackages.nix
@@ -76,6 +76,7 @@ lib.mkMerge [
      killall
      git
      curl
+      gnutls
    ];
  }
 ]
--- a/flake.nix
+++ b/flake.nix
@@ -403,6 +403,7 @@
          wrappedSops = withAsserts plain.config.vacu.wrappedSops;
          dns = withAsserts import ./scripts/dns { inherit pkgs lib inputs; inherit (plain) config; };
          # dnsOptions = (pkgs.nixosOptionsDoc { options = dnsModule.options; }).optionsCommonMark;
+          vnopnCA = pkgs.writeText "vnopnCA.cert" plain.config.vacu.vnopnCA;
          nixvim = inputs.nixvim.legacyPackages.${system}.makeNixvimWithModule {
            extraSpecialArgs = {
              inputs = { };