freyaCA

2023-10-04 22:34:41 -04:00 · 2023-10-04 22:34:41 -04:00 · 72da935ae2
commit 72da935ae2
parent 74b72c7fb5
7 changed files with 87 additions and 3 deletions
--- a/home-config/home-configuration.scm
+++ b/home-config/home-configuration.scm
@ -21,6 +21,7 @@
             (home-packages vim)
             (home-packages gnome-xyz)
             (home-packages shells)
+             (home-packages certs)
             (home-packages audio))


@ -88,6 +89,7 @@
                  firefox-wayland-new 
                  lavanda-gtk-theme 
                  zsh-autosuggestions
+                  freya-ca-certs
                  vim-plug)))

  ;; Below is the list of Home services.  To search for available
--- a/home-config/ssh/config
+++ b/home-config/ssh/config
@ -26,6 +26,6 @@ Host github.com
    User tam2214
    IdentityFile /home/tylerm/.ssh/id_rit

-Host *
-    KexAlgorithms -sntrup761x25519-sha512@openssh.com
+#Host *
+#    KexAlgorithms -sntrup761x25519-sha512@openssh.com

--- a/home-config/zsh/zprofile
+++ b/home-config/zsh/zprofile
@ -48,6 +48,10 @@ export PATH=$PATH:$LOCAL_PROFILE/bin
 export CC=$(which gcc)
 export LD=$(which gcc)

+# Setup certs
+export SSL_CERT_FILE=/run/current-system/profile/etc/ssl/certs/ca-certificates.crt
+export SSL_CERT_DIR=/run/current-system/profile/etc/ssl/certs
+
 # start sway only once and on the primary tty
 if [ -z "${DISPLAY}" ] && [ "${XDG_VTNR}" -eq 1 ]; then
 #    dbus-run-session Hyprland &> .log/hyprland
--- a/modules/home-config/base-system.scm
+++ b/modules/home-config/base-system.scm
@ -27,7 +27,9 @@
           #:use-module (gnu services avahi)
           #:use-module (gnu services spice)
           #:use-module (gnu services virtualization)
+           #:use-module (home-services ntp)
           #:use-module (home-packages wm)
+           #:use-module (home-packages certs)
           #:use-module (home-packages virtualization))

 (define %my-base-packages
@ -70,6 +72,7 @@
                                                             "sof-firmware"
                                                             "intel-microcode"
                                                             "alsa-utils"
+                                                             "chrony"
                                                             "swayidle"
                                                             "dconf"
                                                             "alacritty"
@ -121,7 +124,7 @@
                                                             "libpcap"
                                                             "v4l2loopback-linux-module"
                                                             "neovim"))
-                           (list swaylock-effects-new virt-manager-new)
+                           (list swaylock-effects-new virt-manager-new freya-ca-certs)
                           %my-base-packages))

         ;; Below is the list of system services. TO search for available
@ -145,6 +148,7 @@
                      (publish? #f) ;; do not advertise this machiene
                      (publish-workstation? #f))) ; do not advertise, I want this to be as silent as possible
               (service docker-service-type)
+               ;(service chrony-sericve-type)
               (service nix-service-type)
               (service libvirt-service-type
                        (libvirt-configuration
--- a/modules/home-config/ca-certs/freya_ca.crt
+++ b/modules/home-config/ca-certs/freya_ca.crt
@ -0,0 +1,11 @@
+-----BEGIN CERTIFICATE-----
+MIIBnDCCAUKgAwIBAgIRANSS7G2uorge5TXlGr7z2qswCgYIKoZIzj0EAwIwLDEQ
+MA4GA1UEChMHZnJleWFDQTEYMBYGA1UEAxMPZnJleWFDQSBSb290IENBMB4XDTIz
+MTAwNDIxMzczMFoXDTMzMTAwMTIxMzczMFowLDEQMA4GA1UEChMHZnJleWFDQTEY
+MBYGA1UEAxMPZnJleWFDQSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEvyoFgV7LYPyYzubVKEAmDRtp/1Fd/+/txbFBOXE0lX3EC0pPgfr2G8S7FC5P
+aNv+ZxmnSSI8vLJbVofLKNu3GaNFMEMwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB
+/wQIMAYBAf8CAQEwHQYDVR0OBBYEFIWAMA1zgd/KEOAV/26yfuJS48O1MAoGCCqG
+SM49BAMCA0gAMEUCIQDX9oivOL5hueuikrAEoiVw0jwTOOQ51zEQD1v4Xlp1RQIg
+LitR7EYp6R0ejK66ZSE0cUdsF/4WbgtrlS3p/MQgDdw=
+-----END CERTIFICATE-----
--- a/modules/home-config/ca-certs/freya_intermediate.crt
+++ b/modules/home-config/ca-certs/freya_intermediate.crt
@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBxTCCAWqgAwIBAgIQKD7wGJ+2vQCA1+8z2waLiTAKBggqhkjOPQQDAjAsMRAw
+DgYDVQQKEwdmcmV5YUNBMRgwFgYDVQQDEw9mcmV5YUNBIFJvb3QgQ0EwHhcNMjMx
+MDA0MjEzNzMxWhcNMzMxMDAxMjEzNzMxWjA0MRAwDgYDVQQKEwdmcmV5YUNBMSAw
+HgYDVQQDExdmcmV5YUNBIEludGVybWVkaWF0ZSBDQTBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABAygCEQ06w0AKgqXVWCL1iX0oRqS6QEb0VY49zZimPRVmI+FdJ0O
+KB4kANOJABYyFfpzoK9omJXdz6BvsFHx6c+jZjBkMA4GA1UdDwEB/wQEAwIBBjAS
+BgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQFRP1PrOhDg13b9m/oPHg4IAuy
+KjAfBgNVHSMEGDAWgBSFgDANc4HfyhDgFf9usn7iUuPDtTAKBggqhkjOPQQDAgNJ
+ADBGAiEAoY0OsXihuhxIQAx8Fp5agkE70UaOHmT5JLJhVGH7sQYCIQCzId4kEMJ8
+N4/afVgJI7R5hHbcu1Wge40SSkMx1pplFA==
+-----END CERTIFICATE-----
--- a/modules/home-packages/certs.scm
+++ b/modules/home-packages/certs.scm
@ -0,0 +1,51 @@
+(define-module (home-packages certs)
+               #:use-module ((guix licenses) #:prefix license:)
+               #:use-module (guix gexp)
+               #:use-module (guix build-system trivial)
+               #:use-module (guix utils)
+               #:use-module (guix packages)
+               #:use-module (gnu packages)
+               #:use-module (gnu packages tls)
+               #:use-module (gnu packages linux)
+               #:use-module (gnu packages base))
+
+(define-public freya-ca-certs
+  (package
+    (name "freya-ca-certs")
+    (version "1")
+    (source (local-file "../home-config/ca-certs"
+                        #:recursive? #t))
+    (build-system trivial-build-system)
+    (license license:mpl2.0)
+    (home-page "https://tylerm.dev")
+    (arguments
+      `(#:modules
+        ((guix build utils))
+        #:builder
+        (begin
+          (use-modules (guix build utils)
+                       (srfi srfi-1)
+                       (srfi srfi-26)
+                       (ice-9 ftw))
+          (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+                 (crt-suffix ".crt")
+                 (is-certificate? (cut string-suffix? crt-suffix <>))
+                 (certificates (filter is-certificate?
+                                       (scandir ca-certificates)))
+                 (out (assoc-ref %outputs "out"))
+                 (certificate-directory (string-append out "/etc/ssl/certs"))
+                 (openssl (string-append (assoc-ref %build-inputs "openssl") "/bin/openssl")))
+            (mkdir-p certificate-directory)
+            (for-each
+              (lambda (cert)
+                (invoke
+                  openssl "x509"
+                  "-in" (string-append ca-certificates "/" cert)
+                  "-outform" "PEM"
+                  "-out" (string-append certificate-directory "/" cert ".pem")))
+              certificates)
+            #t))))
+    (native-inputs
+      (list openssl))
+    (synopsis "freya ca certs")
+    (description synopsis)))