Add security.pki.installCACerts config

Made is possible to disable the management of /etc/ssl/certs/ca-certificates.crt by Nix darwin.
author: Yacine Hmito <6893840+yacinehmito@users.noreply.github.com> 2023-11-10 11:21:18 +0100
committer: Yacine Hmito <6893840+yacinehmito@users.noreply.github.com> 2023-11-11 12:36:28 +0100
commit: 4fa7b5cdd14a0fee6edc8c8924e57422b0dcc9ef (patch)
tree: e4b80967493d2c5ae1c3ee1183995a9771d7f100 /modules/security
parent: c8f385766ba076a096caa794309c40f89894d88a (diff)
1 files changed, 9 insertions, 1 deletions
diff --git a/modules/security/pki/default.nix b/modules/security/pki/default.nix
index a92f2d5..d0f11d4 100644
--- a/modules/security/pki/default.nix
+++ b/modules/security/pki/default.nix
@@ -21,6 +21,14 @@ in
 
 {
   options = {
+    security.pki.installCACerts = mkOption {
+      type = types.bool;
+      default = true;
+      description = lib.mdDoc ''
+        Whether to enable certificate management with nix-darwin.
+      '';
+    };
+
     security.pki.certificateFiles = mkOption {
       type = types.listOf types.path;
       default = [];
@@ -71,7 +79,7 @@ in
     };
   };
 
-  config = {
+  config = mkIf cfg.installCACerts {
 
     security.pki.certificateFiles = [ "${cacertPackage}/etc/ssl/certs/ca-bundle.crt" ];
author	Yacine Hmito <6893840+yacinehmito@users.noreply.github.com>	2023-11-10 11:21:18 +0100
committer	Yacine Hmito <6893840+yacinehmito@users.noreply.github.com>	2023-11-11 12:36:28 +0100
commit	4fa7b5cdd14a0fee6edc8c8924e57422b0dcc9ef (patch)
tree	e4b80967493d2c5ae1c3ee1183995a9771d7f100 /modules/security
parent	c8f385766ba076a096caa794309c40f89894d88a (diff)