mirrors/nix-darwin
mirrors/nix-darwin
1
0
Fork 0
mirror of https://github.com/LnL7/nix-darwin.git synced 2025-03-31 04:04:45 +00:00
Code Activity

Merge pull request #805 from yacinehmito/disable-pki

Browse source 
Add security.pki.installCACerts config
This commit is contained in:
Michael Hoang 2023-11-11 23:03:48 +11:00 committed by GitHub
commit 0f1ad80138
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 13 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
modules/security/pki/default.nix
View file

@ -21,6 +21,14 @@ in
{
options = {
security.pki.installCACerts = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether to enable certificate management with nix-darwin.
'';
};
security.pki.certificateFiles = mkOption {
type = types.listOf types.path;
default = [];
@ -71,7 +79,7 @@ in
};
};
config = {
config = mkIf cfg.installCACerts {
security.pki.certificateFiles = [ "${cacertPackage}/etc/ssl/certs/ca-bundle.crt" ];

5
modules/services/nix-daemon.nix
View file

@ -63,7 +63,10 @@ in
serviceConfig.EnvironmentVariables = mkMerge [
config.nix.envVars
{ NIX_SSL_CERT_FILE = mkDefault config.environment.variables.NIX_SSL_CERT_FILE;
{
NIX_SSL_CERT_FILE = mkIf
(config.environment.variables ? NIX_SSL_CERT_FILE)
(mkDefault config.environment.variables.NIX_SSL_CERT_FILE);
TMPDIR = mkIf (cfg.tempDir != null) cfg.tempDir;
# FIXME: workaround for https://github.com/NixOS/nix/issues/2523
OBJC_DISABLE_INITIALIZE_FORK_SAFETY = mkDefault "YES";