From 4fa7b5cdd14a0fee6edc8c8924e57422b0dcc9ef Mon Sep 17 00:00:00 2001
From: Yacine Hmito <6893840+yacinehmito@users.noreply.github.com>
Date: Fri, 10 Nov 2023 11:21:18 +0100
Subject: Add security.pki.installCACerts config

Made is possible to disable the management of
/etc/ssl/certs/ca-certificates.crt by Nix darwin.
---
 modules/services/nix-daemon.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'modules/services')

diff --git a/modules/services/nix-daemon.nix b/modules/services/nix-daemon.nix
index 35476a0..584c226 100644
--- a/modules/services/nix-daemon.nix
+++ b/modules/services/nix-daemon.nix
@@ -63,7 +63,10 @@ in
 
       serviceConfig.EnvironmentVariables = mkMerge [
         config.nix.envVars
-        { NIX_SSL_CERT_FILE = mkDefault config.environment.variables.NIX_SSL_CERT_FILE;
+        {
+          NIX_SSL_CERT_FILE = mkIf
+            (config.environment.variables ? NIX_SSL_CERT_FILE)
+            (mkDefault config.environment.variables.NIX_SSL_CERT_FILE);
           TMPDIR = mkIf (cfg.tempDir != null) cfg.tempDir;
           # FIXME: workaround for https://github.com/NixOS/nix/issues/2523
           OBJC_DISABLE_INITIALIZE_FORK_SAFETY = mkDefault "YES";
-- 
cgit v1.2.3