From 94de87ed74d42cc17797a3bdb297e43c0478efc0 Mon Sep 17 00:00:00 2001
From: Fuwn
Date: Sun, 29 Sep 2024 00:43:27 -0700
Subject: pki: move to core
---
 modules/core/networking/default.nix | 1 +
 modules/core/networking/pki.nix | 47 ++++++++++++++++++++++++++++++++++++
 modules/desktop/security/default.nix | 1 -
 modules/desktop/security/pki.nix | 47 ------------------------------------
 4 files changed, 48 insertions(+), 48 deletions(-)
 create mode 100644 modules/core/networking/pki.nix
 delete mode 100644 modules/desktop/security/pki.nix
diff --git a/modules/core/networking/default.nix b/modules/core/networking/default.nix
index ebdcd55..b8f221d 100644
--- a/modules/core/networking/default.nix
+++ b/modules/core/networking/default.nix
@@ -2,6 +2,7 @@
 {
 imports = [
 ./firewall
+ ./pki.nix
 ./resolved.nix
 ./tailscale.nix
 ];
diff --git a/modules/core/networking/pki.nix b/modules/core/networking/pki.nix
new file mode 100644
index 0000000..c781040
--- /dev/null
+++ b/modules/core/networking/pki.nix
@@ -0,0 +1,47 @@
+{ pkgs, ... }:
+{
+ security.pki = {
+ certificateFiles = [
+ (pkgs.fetchurl {
+ url = "https://nextdns.io/ca";
+ hash = "sha256-yl+2q4H/a8SLGv4Mt+g8+03uy9ihZxACbsj3uCTog34=";
+ })
+ ];
+
+ caCertificateBlacklist = [
+ "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+ "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+
+ # China Financial Certification Authority
+ "CFCA EV ROOT"
+
+ # Chunghwa Telecom Co., Ltd
+ "ePKI Root Certification Authority"
+ "HiPKI Root CA - G1"
+
+ # Dhimyotis
+ "Certigna"
+ "Certigna Root CA"
+
+ # GUANG DONG CERTIFICATE AUTHORITY
+ "GDCA TrustAUTH R5 ROOT"
+
+ # Hongkong Post
+ "Hongkong Post Root CA 3"
+
+ # iTrusChina Co.,Ltd.
+ "vTrus ECC Root CA"
+ "vTrus Root CA"
+
+ # Krajowa Izba Rozliczeniowa S.A.
+ "SZAFIR ROOT CA2"
+
+ # NetLock Kft.
+ "NetLock Arany (Class Gold) Főtanúsítvány"
+
+ # TAIWAN-CA
+ "TWCA Root Certification Authority"
+ "TWCA Global Root CA"
+ ];
+ };
+}
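Review bot: Moving `pki.nix` from `modules/desktop/security` to `modules/core/networking` widens where the trust-store changes apply, and the new file carries no comment saying so. The `certificateFiles` entry adds the NextDNS CA as an unconstrained root, so on every host that imports core (presumably servers as well as desktops, which is not visible here) a certificate issued under that CA would be accepted for any hostname. If that is intended, record it above the `pkgs.fetchurl` call, e.g. `# NextDNS root CA: trusted system-wide for all names on every host importing core/networking`; otherwise keep `certificateFiles` in the desktop module and move only `caCertificateBlacklist`. The first two blacklist entries also lack the owner comment that the other groups have.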
diff --git a/modules/desktop/security/default.nix b/modules/desktop/security/default.nix
index 7a571a9..c1c084c 100644
--- a/modules/desktop/security/default.nix
+++ b/modules/desktop/security/default.nix
@@ -6,7 +6,6 @@
 ./doas.nix
 ./kernel.nix
 ./pam.nix
- ./pki.nix
 ./polkit.nix
 ./sudo.nix
 ];
diff --git a/modules/desktop/security/pki.nix b/modules/desktop/security/pki.nix
deleted file mode 100644
index c781040..0000000
--- a/modules/desktop/security/pki.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ pkgs, ... }:
-{
- security.pki = {
- certificateFiles = [
- (pkgs.fetchurl {
- url = "https://nextdns.io/ca";
- hash = "sha256-yl+2q4H/a8SLGv4Mt+g8+03uy9ihZxACbsj3uCTog34=";
- })
- ];
-
- caCertificateBlacklist = [
- "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
- "Autoridad de Certificacion Firmaprofesional CIF A62634068"
-
- # China Financial Certification Authority
- "CFCA EV ROOT"
-
- # Chunghwa Telecom Co., Ltd
- "ePKI Root Certification Authority"
- "HiPKI Root CA - G1"
-
- # Dhimyotis
- "Certigna"
- "Certigna Root CA"
-
- # GUANG DONG CERTIFICATE AUTHORITY
- "GDCA TrustAUTH R5 ROOT"
-
- # Hongkong Post
- "Hongkong Post Root CA 3"
-
- # iTrusChina Co.,Ltd.
- "vTrus ECC Root CA"
- "vTrus Root CA"
-
- # Krajowa Izba Rozliczeniowa S.A.
- "SZAFIR ROOT CA2"
-
- # NetLock Kft.
- "NetLock Arany (Class Gold) Főtanúsítvány"
-
- # TAIWAN-CA
- "TWCA Root Certification Authority"
- "TWCA Global Root CA"
- ];
- };
-}
-- cgit v1.2.3