From 8752a65ba7c21e42661c386004dc8bfdd4cc3816 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Sun, 29 Sep 2024 00:42:16 -0700
Subject: pki: add nextdns ca

---
 modules/desktop/security/pki.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

(limited to 'modules/desktop/security/pki.nix')

diff --git a/modules/desktop/security/pki.nix b/modules/desktop/security/pki.nix
index b804fc5..c781040 100644
--- a/modules/desktop/security/pki.nix
+++ b/modules/desktop/security/pki.nix
@@ -1,7 +1,12 @@
-{ lib, ... }:
+{ pkgs, ... }:
 {
   security.pki = {
-    certificates = lib.mkForce [ ];
+    certificateFiles = [
+      (pkgs.fetchurl {
+        url = "https://nextdns.io/ca";
+        hash = "sha256-yl+2q4H/a8SLGv4Mt+g8+03uy9ihZxACbsj3uCTog34=";
+      })
+    ];
 
     caCertificateBlacklist = [
       "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
-- 
cgit v1.2.3