modules

author: Fuwn <[email protected]> 2024-09-03 01:52:03 -0700
committer: Fuwn <[email protected]> 2024-09-03 01:52:03 -0700
commit: c6deea451af1af2fdf4aee7f1ed74209f312a9b3 (patch)
tree: d725ce5a39939b1379f2a4141cd0ab54c1ef16cc /modules/security/pki.nix
parent: home (diff)
download: nixos-config-c6deea451af1af2fdf4aee7f1ed74209f312a9b3.tar.xz
nixos-config-c6deea451af1af2fdf4aee7f1ed74209f312a9b3.zip
1 files changed, 42 insertions, 0 deletions
diff --git a/modules/security/pki.nix b/modules/security/pki.nix
new file mode 100644
index 0000000..b804fc5
--- /dev/null
+++ b/modules/security/pki.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+{
+  security.pki = {
+    certificates = lib.mkForce [ ];
+
+    caCertificateBlacklist = [
+      "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+      "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+
+      # China Financial Certification Authority
+      "CFCA EV ROOT"
+
+      # Chunghwa Telecom Co., Ltd
+      "ePKI Root Certification Authority"
+      "HiPKI Root CA - G1"
+
+      # Dhimyotis
+      "Certigna"
+      "Certigna Root CA"
+
+      # GUANG DONG CERTIFICATE AUTHORITY
+      "GDCA TrustAUTH R5 ROOT"
+
+      # Hongkong Post
+      "Hongkong Post Root CA 3"
+
+      # iTrusChina Co.,Ltd.
+      "vTrus ECC Root CA"
+      "vTrus Root CA"
+
+      # Krajowa Izba Rozliczeniowa S.A.
+      "SZAFIR ROOT CA2"
+
+      # NetLock Kft.
+      "NetLock Arany (Class Gold) Főtanúsítvány"
+
+      # TAIWAN-CA
+      "TWCA Root Certification Authority"
+      "TWCA Global Root CA"
+    ];
+  };
+}
author	Fuwn <[email protected]>	2024-09-03 01:52:03 -0700
committer	Fuwn <[email protected]>	2024-09-03 01:52:03 -0700
commit	c6deea451af1af2fdf4aee7f1ed74209f312a9b3 (patch)
tree	d725ce5a39939b1379f2a4141cd0ab54c1ef16cc /modules/security/pki.nix
parent	home (diff)
download	nixos-config-c6deea451af1af2fdf4aee7f1ed74209f312a9b3.tar.xz nixos-config-c6deea451af1af2fdf4aee7f1ed74209f312a9b3.zip