authorTyler Murphy <tylerm@tylerm.dev>2023-10-04 22:34:41 -0400
committerTyler Murphy <tylerm@tylerm.dev>2023-10-04 22:34:41 -0400
commit72da935ae271e0a6654a97460bf0d01ee4a95f24 (patch)
tree5ad88a8b465724994951d56c1b427f004e8f4878
parentUNFINISHED caddy package (diff)
freyaCA
-rw-r--r--home-config/home-configuration.scm2
-rw-r--r--home-config/ssh/config4
-rw-r--r--home-config/zsh/zprofile4
-rw-r--r--modules/home-config/base-system.scm6
-rw-r--r--modules/home-config/ca-certs/freya_ca.crt11
-rw-r--r--modules/home-config/ca-certs/freya_intermediate.crt12
-rw-r--r--modules/home-packages/certs.scm51
7 files changed, 87 insertions, 3 deletions
diff --git a/home-config/home-configuration.scm b/home-config/home-configuration.scm
index 2aac656..701e377 100644
--- a/home-config/home-configuration.scm
+++ b/home-config/home-configuration.scm
@@ -21,6 +21,7 @@
(home-packages vim)
(home-packages gnome-xyz)
(home-packages shells)
+ (home-packages certs)
(home-packages audio))
@@ -88,6 +89,7 @@
firefox-wayland-new
lavanda-gtk-theme
zsh-autosuggestions
+ freya-ca-certs
vim-plug)))
;; Below is the list of Home services. To search for available
diff --git a/home-config/ssh/config b/home-config/ssh/config
index 65fad34..9bd4669 100644
--- a/home-config/ssh/config
+++ b/home-config/ssh/config
@@ -26,6 +26,6 @@ Host github.com
User tam2214
IdentityFile /home/tylerm/.ssh/id_rit
-Host *
- KexAlgorithms -sntrup761x25519-sha512@openssh.com
+#Host *
+# KexAlgorithms -sntrup761x25519-sha512@openssh.com
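Review bot: The `Host *` block is left behind as two commented-out lines, with no note on why the exclusion existed or why it is being lifted. With `KexAlgorithms -sntrup761x25519-sha512@openssh.com` inactive the client again offers the hybrid post-quantum key exchange, which is the stronger setting, so the change itself looks right. The earlier exclusion was presumably a compatibility workaround for one server. Either delete the two lines or replace them with a single comment such as `# sntrup761 exclusion dropped; if a server fails KEX, scope the workaround to that Host only`, so nobody restores a global downgrade by uncommenting them.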
diff --git a/home-config/zsh/zprofile b/home-config/zsh/zprofile
index 170786c..050131a 100644
--- a/home-config/zsh/zprofile
+++ b/home-config/zsh/zprofile
@@ -48,6 +48,10 @@ export PATH=$PATH:$LOCAL_PROFILE/bin
export CC=$(which gcc)
export LD=$(which gcc)
+# Setup certs
+export SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt
+export SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs
+
# start sway only once and on the primary tty
if [ -z "${DISPLAY}" ] && [ "${XDG_VTNR}" -eq 1 ]; then
# dbus-run-session Hyprland &> .log/hyprland
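Review bot: `SSL_CERT_FILE` and `SSL_CERT_DIR` are exported unconditionally in the added lines, overriding any earlier value, so every TLS client in the login session that honours them is pinned to the system profile's trust store. This commit also adds `freya-ca-certs` to the home package list in home-configuration.scm, but with these paths the user-profile copy would likely never be consulted, so one of the two installs is redundant. If the bundle is missing on a host, OpenSSL-based clients will probably fail verification rather than fall back to a default store. A guard such as `[ -r /run/current-system/profile/etc/ssl/certs/ca-certificates.crt ] && export SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt` avoids that. The `if` block after the added lines continues outside the hunk.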
diff --git a/modules/home-config/base-system.scm b/modules/home-config/base-system.scm
index ad53316..842c28a 100644
--- a/modules/home-config/base-system.scm
+++ b/modules/home-config/base-system.scm
@@ -27,7 +27,9 @@
#:use-module (gnu services avahi)
#:use-module (gnu services spice)
#:use-module (gnu services virtualization)
+ #:use-module (home-services ntp)
#:use-module (home-packages wm)
+ #:use-module (home-packages certs)
#:use-module (home-packages virtualization))
(define %my-base-packages
@@ -70,6 +72,7 @@
"sof-firmware"
"intel-microcode"
"alsa-utils"
+ "chrony"
"swayidle"
"dconf"
"alacritty"
@@ -121,7 +124,7 @@
"libpcap"
"v4l2loopback-linux-module"
"neovim"))
- (list swaylock-effects-new virt-manager-new)
+ (list swaylock-effects-new virt-manager-new freya-ca-certs)
%my-base-packages))
;; Below is the list of system services. TO search for available
@@ -145,6 +148,7 @@
(publish? #f) ;; do not advertise this machiene
(publish-workstation? #f))) ; do not advertise, I want this to be as silent as possible
(service docker-service-type)
+ ;(service chrony-sericve-type)
(service nix-service-type)
(service libvirt-service-type
(libvirt-configuration
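Review bot: The commented-out line `;(service chrony-sericve-type)` misspells the service type, so uncommenting it as written will fail with an unbound variable. Assuming the module exports `chrony-service-type`, write `;(service chrony-service-type)` and add a `;; TODO` saying what still blocks enabling it. The first hunk of this file adds `#:use-module (home-services ntp)`, a module that is not among the seven files of this commit, so it has to exist in the tree already or base-system.scm will not load. As committed, `"chrony"` is installed but not run as a service; unless another time service is configured outside these hunks, the clock stays unsynchronised, which matters because certificate validity checks depend on it. The service list continues outside the hunk.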
diff --git a/modules/home-config/ca-certs/freya_ca.crt b/modules/home-config/ca-certs/freya_ca.crt
new file mode 100644
index 0000000..06be120
--- /dev/null
+++ b/modules/home-config/ca-certs/freya_ca.crt
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/modules/home-config/ca-certs/freya_intermediate.crt b/modules/home-config/ca-certs/freya_intermediate.crt
new file mode 100644
index 0000000..44bfa35
--- /dev/null
+++ b/modules/home-config/ca-certs/freya_intermediate.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/modules/home-packages/certs.scm b/modules/home-packages/certs.scm
new file mode 100644
index 0000000..5e356f8
--- /dev/null
+++ b/modules/home-packages/certs.scm
@@ -0,0 +1,51 @@
+(define-module (home-packages certs)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix utils)
+ #:use-module (guix packages)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages base))
+
+(define-public freya-ca-certs
+ (package
+ (name "freya-ca-certs")
+ (version "1")
+ (source (local-file "../home-config/ca-certs"
+ #:recursive? #t))
+ (build-system trivial-build-system)
+ (license license:mpl2.0)
+ (home-page "https://tylerm.dev")
+ (arguments
+ `(#:modules
+ ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 ftw))
+ (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+ (crt-suffix ".crt")
+ (is-certificate? (cut string-suffix? crt-suffix <>))
+ (certificates (filter is-certificate?
+ (scandir ca-certificates)))
+ (out (assoc-ref %outputs "out"))
+ (certificate-directory (string-append out "/etc/ssl/certs"))
+ (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
+ (mkdir-p certificate-directory)
+ (for-each
+ (lambda (cert)
+ (invoke
+ openssl "x509"
+ "-in" (string-append ca-certificates "/" cert)
+ "-outform" "PEM"
+ "-out" (string-append certificate-directory "/" cert ".pem")))
+ certificates)
+ #t))))
+ (native-inputs
+ (list openssl))
+ (synopsis "freya ca certs")
+ (description synopsis)))
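Review bot: The builder turns every file ending in `.crt` under `ca-certs` into a `.pem` in `etc/ssl/certs`, so any certificate later dropped into that directory becomes a system-wide trust anchor without touching this package definition. Naming the expected files makes a new anchor an explicit, reviewable change: replace the `scandir` filter with `(certificates '("freya_ca.crt" "freya_intermediate.crt"))`. `openssl x509` converts only the first certificate of each input, so a `.crt` holding a chain would be silently truncated; a header comment stating that each file must contain exactly one certificate would help. Consider whether `freya_intermediate.crt` belongs in the trust directory at all, since servers normally send intermediates and shipping one here ties its rotation to a package rebuild. The imports `(gnu packages linux)`, `(gnu packages base)` and `(guix utils)` look unused in this file.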