diff options
| -rw-r--r-- | nixos/modules/security/ca.nix | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix index 2eaee815c7d..e60cb5cdb67 100644 --- a/nixos/modules/security/ca.nix +++ b/nixos/modules/security/ca.nix @@ -55,20 +55,21 @@ in security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ca-bundle.crt" ]; + # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility. + environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; + + # Old NixOS compatibility. environment.etc."ssl/certs/ca-bundle.crt".source = caBundle; # CentOS/Fedora compatibility. environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle; - # Debian/Ubuntu/Arch/Gentoo compatibility. - environment.etc."ssl/certs/ca-certificates.crt".source = caBundle; - environment.sessionVariables = - { SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; + { SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # FIXME: unneeded - remove eventually. - OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt"; + OPENSSL_X509_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt"; # FIXME: unneeded - remove eventually. - GIT_SSL_CAINFO = "/etc/ssl/certs/ca-bundle.crt"; + GIT_SSL_CAINFO = "/etc/ssl/certs/ca-certificates.crt"; }; }; |