tv pki: immigrate certificate environment

2019-04-20 18:54:58 +02:00 · 2019-04-20 18:54:58 +02:00 · f940a17905
parent d825d2db87
commit f940a17905
2 changed files with 15 additions and 9 deletions
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@ -17,6 +17,7 @@ with import <stockholm/lib>;
    ./bash
    ./htop.nix
    ./nginx
+    ./pki
    ./ssh.nix
    ./sshd.nix
    ./vim.nix
@ -90,15 +91,6 @@ with import <stockholm/lib>;
      };
    }

-    {
-      environment.variables =
-        flip genAttrs (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt") [
-          "CURL_CA_BUNDLE"
-          "GIT_SSL_CAINFO"
-          "SSL_CERT_FILE"
-        ];
-    }
-
    {
      services.cron.enable = false;
      services.nscd.enable = false;
--- a/tv/2configs/pki/default.nix
+++ b/tv/2configs/pki/default.nix
@ -0,0 +1,14 @@
+with import <stockholm/lib>;
+{ config, ... }: let
+
+  certFile = config.environment.etc."ssl/certs/ca-certificates.crt".source;
+
+in {
+
+  environment.variables = flip genAttrs (_: toString certFile) [
+    "CURL_CA_BUNDLE"
+    "GIT_SSL_CAINFO"
+    "SSL_CERT_FILE"
+  ];
+
+}