nix-git/modules/t-telesec.nix

{ config, pkgs, ... }:
let
  # Define an awk script, that cuts one certificate out of the ca-bundle.crt file.
  # https://gist.github.com/erictapen/841190c8b7d63b775df21123d55eddcb
  cert = pkgs.stdenv.mkDerivation rec{
    name = "telesec-globalroot-class-2.pem";
    src = builtins.toFile "${name}-awk-helper" ''
      {
        if(a > 0) {
          print
        }
      }
      /-----END CERTIFICATE-----/ {
        a = 0
      }
      /T-TeleSec GlobalRoot Class 2/ {
        a = 1
      }
    '';
    nativeBuildInputs = with pkgs; [ cacert gawk ];
    phases = "installPhase";
    installPhase = "${pkgs.gawk}/bin/awk -f $src ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt > $out";
  };
in
{
  environment.etc."t-telesec.pem".source = cert;
}
add openconnect vpn 2024-08-23 12:37:30 +02:00			`{ config, pkgs, ... }:`
			`let`
			`# Define an awk script, that cuts one certificate out of the ca-bundle.crt file.`
			`# https://gist.github.com/erictapen/841190c8b7d63b775df21123d55eddcb`
			`cert = pkgs.stdenv.mkDerivation rec{`
			`name = "telesec-globalroot-class-2.pem";`
			`src = builtins.toFile "${name}-awk-helper" ''`
			`{`
			`if(a > 0) {`
			`print`
			`}`
			`}`
			`/-----END CERTIFICATE-----/ {`
			`a = 0`
			`}`
			`/T-TeleSec GlobalRoot Class 2/ {`
			`a = 1`
			`}`
			`'';`
			`nativeBuildInputs = with pkgs; [ cacert gawk ];`
			`phases = "installPhase";`
			`installPhase = "${pkgs.gawk}/bin/awk -f $src ${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt > $out";`
			`};`
			`in`
			`{`
			`environment.etc."t-telesec.pem".source = cert;`
			`}`