blob: c78104097cd08f3edf16ec9b26ed699e56c09f50 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
{ pkgs, ... }:
{
security.pki = {
certificateFiles = [
(pkgs.fetchurl {
url = "https://nextdns.io/ca";
hash = "sha256-yl+2q4H/a8SLGv4Mt+g8+03uy9ihZxACbsj3uCTog34=";
})
];
caCertificateBlacklist = [
"AC RAIZ FNMT-RCM SERVIDORES SEGUROS"
"Autoridad de Certificacion Firmaprofesional CIF A62634068"
# China Financial Certification Authority
"CFCA EV ROOT"
# Chunghwa Telecom Co., Ltd
"ePKI Root Certification Authority"
"HiPKI Root CA - G1"
# Dhimyotis
"Certigna"
"Certigna Root CA"
# GUANG DONG CERTIFICATE AUTHORITY
"GDCA TrustAUTH R5 ROOT"
# Hongkong Post
"Hongkong Post Root CA 3"
# iTrusChina Co.,Ltd.
"vTrus ECC Root CA"
"vTrus Root CA"
# Krajowa Izba Rozliczeniowa S.A.
"SZAFIR ROOT CA2"
# NetLock Kft.
"NetLock Arany (Class Gold) Főtanúsítvány"
# TAIWAN-CA
"TWCA Root Certification Authority"
"TWCA Global Root CA"
];
};
}
|