From c6deea451af1af2fdf4aee7f1ed74209f312a9b3 Mon Sep 17 00:00:00 2001
From: Fuwn <contact@fuwn.me>
Date: Tue, 3 Sep 2024 01:52:03 -0700
Subject: modules

---
 modules/security/pki.nix | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 modules/security/pki.nix

(limited to 'modules/security/pki.nix')

diff --git a/modules/security/pki.nix b/modules/security/pki.nix
new file mode 100644
index 0000000..b804fc5
--- /dev/null
+++ b/modules/security/pki.nix
@@ -0,0 +1,42 @@
+{ lib, ... }:
+{
+  security.pki = {
+    certificates = lib.mkForce [ ];
+
+    caCertificateBlacklist = [
+      "AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
+      "Autoridad de Certificacion Firmaprofesional CIF A62634068"
+
+      # China Financial Certification Authority
+      "CFCA EV ROOT"
+
+      # Chunghwa Telecom Co., Ltd
+      "ePKI Root Certification Authority"
+      "HiPKI Root CA - G1"
+
+      # Dhimyotis
+      "Certigna"
+      "Certigna Root CA"
+
+      # GUANG DONG CERTIFICATE AUTHORITY
+      "GDCA TrustAUTH R5 ROOT"
+
+      # Hongkong Post
+      "Hongkong Post Root CA 3"
+
+      # iTrusChina Co.,Ltd.
+      "vTrus ECC Root CA"
+      "vTrus Root CA"
+
+      # Krajowa Izba Rozliczeniowa S.A.
+      "SZAFIR ROOT CA2"
+
+      # NetLock Kft.
+      "NetLock Arany (Class Gold) Főtanúsítvány"
+
+      # TAIWAN-CA
+      "TWCA Root Certification Authority"
+      "TWCA Global Root CA"
+    ];
+  };
+}
-- 
cgit v1.2.3