4

I am currently writing some software for a company and they have asked me to push the code to a git remote located on their server. They sent through a CA certificate (*-root-CA.crt) that apparently must be installed in order to access their git repository. What is the idiomatic way to install this certificate on NixOS?

I came across this question that seems to imply I can add something like:

security.pki.certificates = [ /root/cert ];

to my /etc/nixos/configuration.nix. However, I'm unsure where exactly I should be storing this certificate. I noticed there are ca-bundle.crt and ca-certificates.crt in /etc/ssl/certs/ - should I simply append the text of my certificate onto one of these? Or just move the certificate into this directory?

I'm also unsure if there is any further git configuration required beyond this. If there is some extra configuration required, any advice would be greatly appreciated.

mindTree
  • 253

1 Answers1

5

You can place the certificate file where ever you'd like and then use security.pki.certificateFiles to reference it. For example:

security.pki.certificateFiles = [ "/root/cert" ];

NixOS will append the contents of the certificate file to /etc/ssl/certs/ca-certificates.crt. NixOS won't use the original certificate file (in this example, /root/cert) during runtime.

Emmanuel Rosa
  • 7,128