Provide symlinks to ca-bundle.crt for compat with other distros
There is no "standard" location for the certificate bundle, so many programs/libraries have various hard-coded default locations that don't exist on NixOS. To make these more likely to work, provide some symlinks.
This commit is contained in:
parent
ca2d7774e0
commit
75e1b5e317
|
@ -2,6 +2,19 @@
|
|||
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
||||
caBundle = pkgs.runCommand "ca-bundle.crt"
|
||||
{ files =
|
||||
config.security.pki.certificateFiles ++
|
||||
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
|
||||
}
|
||||
''
|
||||
cat $files > $out
|
||||
'';
|
||||
|
||||
in
|
||||
|
||||
{
|
||||
|
||||
options = {
|
||||
|
@ -42,18 +55,13 @@ with lib;
|
|||
|
||||
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ];
|
||||
|
||||
environment.etc =
|
||||
[ { source = pkgs.runCommand "ca-bundle.crt"
|
||||
{ files =
|
||||
config.security.pki.certificateFiles ++
|
||||
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
|
||||
}
|
||||
''
|
||||
cat $files > $out
|
||||
'';
|
||||
target = "ssl/certs/ca-bundle.crt";
|
||||
}
|
||||
];
|
||||
environment.etc."ssl/certs/ca-bundle.crt".source = caBundle;
|
||||
|
||||
# CentOS/Fedora compatibility.
|
||||
environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle;
|
||||
|
||||
# Debian/Ubuntu/Arch/Gentoo compatibility.
|
||||
environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
|
||||
|
||||
environment.sessionVariables =
|
||||
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
|
||||
|
|
Loading…
Reference in New Issue