mirror of https://github.com/LnL7/nix-darwin.git synced 2024-12-14 11:57:34 +00:00

Add security.pki.installCACerts config

Made it possible to disable the management of
/etc/ssl/certs/ca-certificates.crt by Nix darwin.
Yacine Hmito 2023-11-10 11:21:18 +01:00
parent c8f385766b
commit 4fa7b5cdd1
2 changed files with 13 additions and 2 deletions


@ -21,6 +21,14 @@ in
{
options = {
security.pki.installCACerts = mkOption {
type = types.bool;
default = true;
description = lib.mdDoc ''
Whether to enable certificate management with nix-darwin.
'';
};
security.pki.certificateFiles = mkOption {
type = types.listOf types.path;
default = [];
@ -71,7 +79,7 @@ in
};
};
config = {
config = mkIf cfg.installCACerts {
security.pki.certificateFiles = [ "${cacertPackage}/etc/ssl/certs/ca-bundle.crt" ];
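Review bot: The description of `security.pki.installCACerts` does not say what turning it off means for the trust store. Because the whole block is now `config = mkIf cfg.installCACerts { … }`, anything a user lists in `security.pki.certificateFiles` is silently ignored when the option is false, and /etc/ssl/certs/ca-certificates.crt is left to whatever else manages it. I would spell that out in the description, e.g. `Whether nix-darwin manages /etc/ssl/certs/ca-certificates.crt. When false, the file is left untouched and the other security.pki options have no effect.` The rest of the config block lies outside the hunk, so what else is gated by the `mkIf` should be confirmed before wording this.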


@ -63,7 +63,10 @@ in
serviceConfig.EnvironmentVariables = mkMerge [
config.nix.envVars
{ NIX_SSL_CERT_FILE = mkDefault config.environment.variables.NIX_SSL_CERT_FILE;
{
NIX_SSL_CERT_FILE = mkIf
(config.environment.variables ? NIX_SSL_CERT_FILE)
(mkDefault config.environment.variables.NIX_SSL_CERT_FILE);
TMPDIR = mkIf (cfg.tempDir != null) cfg.tempDir;
# FIXME: workaround for https://github.com/NixOS/nix/issues/2523
OBJC_DISABLE_INITIALIZE_FORK_SAFETY = mkDefault "YES";
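Review bot: With the new `mkIf (config.environment.variables ? NIX_SSL_CERT_FILE)` guard the daemon can start with no NIX_SSL_CERT_FILE at all, and nothing here says which CA bundle it then uses for TLS verification. Presumably this is the `security.pki.installCACerts = false` case from the other file in this commit, where the variable is no longer defined unless the user sets it. A comment above the attribute would record that, e.g. `# Left unset when nothing defines environment.variables.NIX_SSL_CERT_FILE (e.g. security.pki.installCACerts = false); the daemon then falls back to Nix's own CA bundle lookup.` The attribute set continues past the end of the hunk.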