Add sas cacerts

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-05-13 11:55:49 +01:00
parent d07e77a577
commit 0bc4665b87
9 changed files with 34 additions and 5 deletions
--- a/hosts/elara/configs/pki/default.nix
+++ b/hosts/elara/configs/pki/default.nix
@@ -0,0 +1,15 @@
 {
  config,
  inputs,
  system,
  lib,
  ...
 }:
 let
  selfPkgs = inputs.self.packages.${system};
 in
 {
  security.pki.certificateFiles = lib.lists.optionals config.sas.build.private [
    "${selfPkgs.sas-cacert}/etc/ssl/certs/ca-bundle.crt"
  ];
 }
--- a/hosts/elara/default.nix
+++ b/hosts/elara/default.nix
@@ -49,6 +49,7 @@
    ../common/configs/system/zsh
    ./configs/git
    ./configs/pki
    ./configs/vpn
    ./users/nikara
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -34,6 +34,7 @@
  ssh-known-hosts-sas-gerrit = import ./ssh/known-hosts/sas/gerrit { inherit pkgs inputs system; };
  ssh-known-hosts-sas-gitlab = import ./ssh/known-hosts/sas/gitlab { inherit pkgs inputs system; };
  sas-cacert = import ./sas/cacert { inherit pkgs; };
  viya4-ark = import ./sas/viya4-ark { inherit pkgs; };
  viya4-orders-cli = import ./sas/viya4-orders-cli { inherit pkgs; };
 }
--- a/packages/sas/cacert/default.nix
+++ b/packages/sas/cacert/default.nix
@@ -0,0 +1,17 @@
 { pkgs, ... }:
 pkgs.stdenv.mkDerivation rec {
  pname = "sas-cacert";
  version = "0-unstable-2025-05-13";
  src = builtins.fetchurl {
    url = "http://certificates.sas.com/pki/sascacertsbundle.txt";
    sha256 = "sha256:0naqfhyh7ri1lxkyx8kdh4bmrd59j9gnfxfi12ggfqkii9n37lj6";
  };
  phases = [ "installPhase" ];
  installPhase = ''
    mkdir -p $out/etc/ssl/certs
    cp $src $out/etc/ssl/certs/ca-bundle.crt
  '';
 }
--- a/packages/ssh/known-hosts/github/default.nix
+++ b/packages/ssh/known-hosts/github/default.nix
@@ -4,7 +4,6 @@
  system,
  ...
 }:
 # AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
 pkgs.stdenv.mkDerivation rec {
  pname = "ssh-known-hosts-github";
  version = "0-unstable-2025-02-25";
--- a/packages/ssh/known-hosts/sas/artifact/default.nix
+++ b/packages/ssh/known-hosts/sas/artifact/default.nix
@@ -4,7 +4,6 @@
  system,
  ...
 }:
 # AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
 pkgs.stdenv.mkDerivation rec {
  pname = "ssh-known-hosts-sas-artifact";
  version = "0-unstable-2025-03-14";
--- a/packages/ssh/known-hosts/sas/cldlgn/default.nix
+++ b/packages/ssh/known-hosts/sas/cldlgn/default.nix
@@ -4,7 +4,6 @@
  system,
  ...
 }:
 # AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
 pkgs.stdenv.mkDerivation rec {
  pname = "ssh-known-hosts-sas-cldlgn";
  version = "0-unstable-2025-02-25";
--- a/packages/ssh/known-hosts/sas/gerrit/default.nix
+++ b/packages/ssh/known-hosts/sas/gerrit/default.nix
@@ -4,7 +4,6 @@
  system,
  ...
 }:
 # AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
 pkgs.stdenv.mkDerivation rec {
  pname = "ssh-known-hosts-sas-gerrit";
  version = "0-unstable-2025-02-25";
--- a/packages/ssh/known-hosts/sas/gitlab/default.nix
+++ b/packages/ssh/known-hosts/sas/gitlab/default.nix
@@ -4,7 +4,6 @@
  system,
  ...
 }:
 # AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
 pkgs.stdenv.mkDerivation rec {
  pname = "ssh-known-hosts-sas-gitlab";
  version = "0-unstable-2025-02-25";