Create russian-trusted-ca.nix

Signed-off-by: Ivan Bushchik <ivabus@ivabus.dev>
This commit is contained in:
Ivan Bushchik 2024-01-06 16:43:29 +03:00
parent 163312cc03
commit 97332e32d5
No known key found for this signature in database
GPG key ID: 2F16FBF3262E090C
2 changed files with 15 additions and 0 deletions

View file

@ -7,6 +7,7 @@
./locale.nix ./locale.nix
./networking.nix ./networking.nix
./remote-access.nix ./remote-access.nix
./russian-trusted-ca.nix
./security.nix ./security.nix
./stateless.nix ./stateless.nix
./user.nix ./user.nix

View file

@ -0,0 +1,14 @@
{ config, pkgs,... }:
let
root_ca = pkgs.fetchurl {
url = "https://gu-st.ru/content/lending/russian_trusted_root_ca_pem.crt";
hash = "sha256-k2pD/qbo5SW8wPgazZw9IbT8S5torOp5BtaYAFr8ZQQ=";
};
sub_ca = pkgs.fetchurl {
url = "https://gu-st.ru/content/lending/russian_trusted_sub_ca_pem.crt";
hash = "sha256-8K5YnzZ3TynvNkj3mEsI1C/M5vH/7rYjbXc9rrJ0TqY=";
};
in {
security.pki.certificateFiles = [ "${root_ca}" "${sub_ca}" ];
}