Diffstat (limited to 'modules')
-rw-r--r--modules/security/pki/default.nix10
-rw-r--r--modules/services/nix-daemon.nix5
2 files changed, 13 insertions, 2 deletions
diff --git a/modules/security/pki/default.nix b/modules/security/pki/default.nix
index a92f2d5..d0f11d4 100644
--- a/modules/security/pki/default.nix
+++ b/modules/security/pki/default.nix
@@ -21,6 +21,14 @@ in
{
options = {
+ security.pki.installCACerts = mkOption {
+ type = types.bool;
+ default = true;
+ description = lib.mdDoc ''
+ Whether to enable certificate management with nix-darwin.
+ '';
+ };
+
security.pki.certificateFiles = mkOption {
type = types.listOf types.path;
default = [];
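Review bot: The description of `security.pki.installCACerts` does not say what setting it to `false` means for TLS trust on the machine. Judging by the `mkIf` added in the second hunk, nix-darwin then contributes no CA bundle at all, so the operator has to provide one some other way. I would state that in the text, for example `Whether nix-darwin should install and manage the system CA certificate bundle. When disabled, a CA bundle has to be provided by other means.`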
@@ -71,7 +79,7 @@ in
};
};
- config = {
+ config = mkIf cfg.installCACerts {
security.pki.certificateFiles = [ "${cacertPackage}/etc/ssl/certs/ca-bundle.crt" ];
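Review bot: With the whole `config` attribute set behind `mkIf cfg.installCACerts`, a configuration that sets the option to `false` but still lists entries in `security.pki.certificateFiles` evaluates cleanly while those certificates are, as far as this hunk shows, never installed. A private CA dropping out silently is hard to notice until verification fails or a different trust store gets used. Consider keeping a small unconditional part that emits a `warnings` entry (or an assertion) when `!cfg.installCACerts && cfg.certificateFiles != []`. The rest of the `config` block lies outside the hunk, so what else is gated cannot be checked from here.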
diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix
index 35476a0..584c226 100644
--- a/modules/services/nix-daemon.nix
+++ b/modules/services/nix-daemon.nix
@@ -63,7 +63,10 @@ in
serviceConfig.EnvironmentVariables = mkMerge [
config.nix.envVars
- { NIX_SSL_CERT_FILE = mkDefault config.environment.variables.NIX_SSL_CERT_FILE;
+ {
+ NIX_SSL_CERT_FILE = mkIf
+ (config.environment.variables ? NIX_SSL_CERT_FILE)
+ (mkDefault config.environment.variables.NIX_SSL_CERT_FILE);
TMPDIR = mkIf (cfg.tempDir != null) cfg.tempDir;
# FIXME: workaround for https://github.com/NixOS/nix/issues/2523
OBJC_DISABLE_INITIALIZE_FORK_SAFETY = mkDefault "YES";
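Review bot: The new `?` guard on `NIX_SSL_CERT_FILE` means the launchd job for nix-daemon can now start without that variable, and nothing in the code says this is intended. The daemon then falls back to whatever CA lookup Nix performs on its own, which decides how substituter downloads are verified. A short comment above the entry would make this explicit, for example `# Unset when security.pki.installCACerts = false; set NIX_SSL_CERT_FILE in nix.envVars to pin a bundle for the daemon.` The attribute set continues past the end of the hunk.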