From 72da935ae271e0a6654a97460bf0d01ee4a95f24 Mon Sep 17 00:00:00 2001 From: Tyler Murphy Date: Wed, 4 Oct 2023 22:34:41 -0400 Subject: [PATCH] freyaCA --- home-config/home-configuration.scm | 2 + home-config/ssh/config | 4 +- home-config/zsh/zprofile | 4 ++ modules/home-config/base-system.scm | 6 ++- modules/home-config/ca-certs/freya_ca.crt | 11 ++++ .../ca-certs/freya_intermediate.crt | 12 +++++ modules/home-packages/certs.scm | 51 +++++++++++++++++++ 7 files changed, 87 insertions(+), 3 deletions(-) create mode 100644 modules/home-config/ca-certs/freya_ca.crt create mode 100644 modules/home-config/ca-certs/freya_intermediate.crt create mode 100644 modules/home-packages/certs.scm diff --git a/home-config/home-configuration.scm b/home-config/home-configuration.scm index 2aac656..701e377 100644 --- a/home-config/home-configuration.scm +++ b/home-config/home-configuration.scm @@ -21,6 +21,7 @@ (home-packages vim) (home-packages gnome-xyz) (home-packages shells) + (home-packages certs) (home-packages audio)) @@ -88,6 +89,7 @@ firefox-wayland-new lavanda-gtk-theme zsh-autosuggestions + freya-ca-certs vim-plug))) ;; Below is the list of Home services. To search for available diff --git a/home-config/ssh/config b/home-config/ssh/config index 65fad34..9bd4669 100644 --- a/home-config/ssh/config +++ b/home-config/ssh/config @@ -26,6 +26,6 @@ Host github.com User tam2214 IdentityFile /home/tylerm/.ssh/id_rit -Host * - KexAlgorithms -sntrup761x25519-sha512@openssh.com +#Host * +# KexAlgorithms -sntrup761x25519-sha512@openssh.com diff --git a/home-config/zsh/zprofile b/home-config/zsh/zprofile index 170786c..050131a 100644 --- a/home-config/zsh/zprofile +++ b/home-config/zsh/zprofile 
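Review bot: The `Host *` key-exchange override in home-config/ssh/config is left behind as two commented-out lines with no explanation, and the commit subject does not mention the change. With the override disabled, ssh falls back to whatever KexAlgorithms list the installed OpenSSH enables by default, so sntrup761x25519 is no longer excluded for any host. If that is the intent, delete the block or replace it with one line such as `# no KexAlgorithms override: sntrup761x25519 is allowed again for all hosts`. Keeping the old directive as a comment makes it easy to re-enable by accident and hides why it was there.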
@@ -48,6 +48,10 @@ export PATH=$PATH:$LOCAL_PROFILE/bin export CC=$(which gcc) export LD=$(which gcc) +# Setup certs +export SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt +export SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs + # start sway only once and on the primary tty if [ -z "${DISPLAY}" ] && [ "${XDG_VTNR}" -eq 1 ]; then # dbus-run-session Hyprland &> .log/hyprland diff --git a/modules/home-config/base-system.scm b/modules/home-config/base-system.scm index ad53316..842c28a 100644 --- a/modules/home-config/base-system.scm +++ b/modules/home-config/base-system.scm @@ -27,7 +27,9 @@ #:use-module (gnu services avahi) #:use-module (gnu services spice) #:use-module (gnu services virtualization) + #:use-module (home-services ntp) #:use-module (home-packages wm) + #:use-module (home-packages certs) #:use-module (home-packages virtualization)) (define %my-base-packages @@ -70,6 +72,7 @@ "sof-firmware" "intel-microcode" "alsa-utils" + "chrony" "swayidle" "dconf" "alacritty" @@ -121,7 +124,7 @@ "libpcap" "v4l2loopback-linux-module" "neovim")) - (list swaylock-effects-new virt-manager-new) + (list swaylock-effects-new virt-manager-new freya-ca-certs) %my-base-packages)) ;; Below is the list of system services. TO search for available @@ -145,6 +148,7 @@ (publish? #f) ;; do not advertise this machiene (publish-workstation? #f))) ; do not advertise, I want this to be as silent as possible (service docker-service-type) + ;(service chrony-sericve-type) (service nix-service-type) (service libvirt-service-type (libvirt-configuration diff --git a/modules/home-config/ca-certs/freya_ca.crt b/modules/home-config/ca-certs/freya_ca.crt new file mode 100644 index 0000000..06be120 --- /dev/null +++ b/modules/home-config/ca-certs/freya_ca.crt 
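Review bot: The new exports in zprofile cover only programs that read `SSL_CERT_FILE` and `SSL_CERT_DIR`. The Guix manual also lists `GIT_SSL_CAINFO` for Git and `CURL_CA_BUNDLE` for curl, so those tools may still reject hosts signed by the private CA. Consider adding `export GIT_SSL_CAINFO="$SSL_CERT_FILE"` and `export CURL_CA_BUNDLE="$SSL_CERT_FILE"` next to them, so that a verification error is not worked around by switching verification off. The `# Setup certs` comment would also be more useful if it said that this is the system profile's bundle, presumably the one that picks up the freyaCA root added elsewhere in this commit.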
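Review bot: The commented-out line `;(service chrony-sericve-type)` in the services hunk of base-system.scm misspells the name, so uncommenting it later would fail on an unbound variable. As committed, `"chrony"` is added to the package list and `(home-services ntp)` is imported, but nothing in this diff starts a time service. Certificate validity checks depend on a correct clock, so either enable it as `(service chrony-service-type)` (assuming that is the name `(home-services ntp)` exports, which is not shown here) or drop the import and package until the service is ready. The package list and the services list both start and end outside these hunks.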
@@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBnDCCAUKgAwIBAgIRANSS7G2uorge5TXlGr7z2qswCgYIKoZIzj0EAwIwLDEQ
+MA4GA1UEChMHZnJleWFDQTEYMBYGA1UEAxMPZnJleWFDQSBSb290IENBMB4XDTIz
+MTAwNDIxMzczMFoXDTMzMTAwMTIxMzczMFowLDEQMA4GA1UEChMHZnJleWFDQTEY
+MBYGA1UEAxMPZnJleWFDQSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEvyoFgV7LYPyYzubVKEAmDRtp/1Fd/+/txbFBOXE0lX3EC0pPgfr2G8S7FC5P
+aNv+ZxmnSSI8vLJbVofLKNu3GaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB
+/wQIMAYBAf8CAQEwHQYDVR0OBBYEFIWAMA1zgd/KEOAV/26yfuJS48O1MAoGCCqG
+SM49BAMCA0gAMEUCIQDX9oivOL5hueuikrAEoiVw0jwTOOQ51zEQD1v4Xlp1RQIg
+LitR7EYp6R0ejK66ZSE0cUdsF/4WbgtrlS3p/MQgDdw=
+-----END CERTIFICATE-----
diff --git a/modules/home-config/ca-certs/freya_intermediate.crt b/modules/home-config/ca-certs/freya_intermediate.crt
new file mode 100644
index 0000000..44bfa35
--- /dev/null
+++ b/modules/home-config/ca-certs/freya_intermediate.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxTCCAWqgAwIBAgIQKD7wGJ+2vQCA1+8z2waLiTAKBggqhkjOPQQDAjAsMRAw
+DgYDVQQKEwdmcmV5YUNBMRgwFgYDVQQDEw9mcmV5YUNBIFJvb3QgQ0EwHhcNMjMx
+MDA0MjEzNzMxWhcNMzMxMDAxMjEzNzMxWjA0MRAwDgYDVQQKEwdmcmV5YUNBMSAw
+HgYDVQQDExdmcmV5YUNBIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABAygCEQ06w0AKgqXVWCL1iX0oRqS6QEb0VY49zZimPRVmI+FdJ0O
+KB4kANOJABYyFfpzoK9omJXdz6BvsFHx6c+jZjBkMA4GA1UdDwEB/wQEAwIBBjAS
+BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQFRP1PrOhDg13b9m/oPHg4IAuy
+KjAfBgNVHSMEGDAWgBSFgDANc4HfyhDgFf9usn7iUuPDtTAKBggqhkjOPQQDAgNJ
+ADBGAiEAoY0OsXihuhxIQAx8Fp5agkE70UaOHmT5JLJhVGH7sQYCIQCzId4kEMJ8
+N4/afVgJI7R5hHbcu1Wge40SSkMx1pplFA==
+-----END CERTIFICATE-----
diff --git a/modules/home-packages/certs.scm b/modules/home-packages/certs.scm
new file mode 100644
index 0000000..5e356f8
--- /dev/null
+++ b/modules/home-packages/certs.scm
@@ -0,0 +1,51 @@
+(define-module (home-packages certs)
+ #:use-module ((guix licenses) #:prefix license:)
+ #:use-module (guix gexp)
+ #:use-module (guix build-system trivial)
+ #:use-module (guix utils)
+ #:use-module (guix packages)
+ #:use-module (gnu packages)
+ #:use-module (gnu packages tls)
+ #:use-module (gnu packages linux)
+ #:use-module (gnu packages base))
+
+(define-public freya-ca-certs
+ (package
+ (name "freya-ca-certs")
+ (version "1")
+ (source (local-file "../home-config/ca-certs"
+ #:recursive? #t))
+ (build-system trivial-build-system)
+ (license license:mpl2.0)
+ (home-page "https://tylerm.dev")
+ (arguments
+ `(#:modules
+ ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 ftw))
+ (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+ (crt-suffix ".crt")
+ (is-certificate? (cut string-suffix? crt-suffix <>))
+ (certificates (filter is-certificate?
+ (scandir ca-certificates)))
+ (out (assoc-ref %outputs "out"))
+ (certificate-directory (string-append out "/etc/ssl/certs"))
+ (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
+ (mkdir-p certificate-directory)
+ (for-each
+ (lambda (cert)
+ (invoke
+ openssl "x509"
+ "-in" (string-append ca-certificates "/" cert)
+ "-outform" "PEM"
+ "-out" (string-append certificate-directory "/" cert ".pem")))
+ certificates)
+ #t))))
+ (native-inputs
+ (list openssl))
+ (synopsis "freya ca certs")
+ (description synopsis)))
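Review bot: The builder installs every `*.crt` found in the source directory into `etc/ssl/certs`, so `freya_intermediate.crt` is placed in the trust directory alongside the root. Normally only the root belongs in the trust store and servers send the intermediate in their chain; shipping the intermediate to clients means rotating or revoking it needs a redeploy, and any file later dropped into `ca-certs/` becomes trusted without a change to this package. Consider naming the anchors explicitly, e.g. `(certificates '("freya_ca.crt"))` in place of the `scandir` filter. A short comment on the `cert ".pem"` output name would also help, since the suffix is presumably what the profile's certificate-bundle hook selects on.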