From fca998e14c46f791b343cd643d549f03e5de93d8 Mon Sep 17 00:00:00 2001
From: Noah Masur <7386960+nmasur@users.noreply.github.com>
Date: Wed, 21 Sep 2022 16:25:16 -0400
Subject: [PATCH] add ssl certs for darwin even though it didn't work

---
 modules/darwin/default.nix       |  1 +
 modules/darwin/ssl.nix           | 11 +++++++++++
 modules/work/nixos-org-certs.crt | 20 ++++++++++++++++++++
 3 files changed, 32 insertions(+)
 create mode 100644 modules/darwin/ssl.nix
 create mode 100644 modules/work/nixos-org-certs.crt

diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix
index 6497ab2..30d22e7 100644
--- a/modules/darwin/default.nix
+++ b/modules/darwin/default.nix
@@ -6,6 +6,7 @@
     ./hammerspoon.nix
     ./homebrew.nix
     ./nixpkgs.nix
+    ./ssl.nix
     ./system.nix
     ./tmux.nix
     ./user.nix
diff --git a/modules/darwin/ssl.nix b/modules/darwin/ssl.nix
new file mode 100644
index 0000000..dd88282
--- /dev/null
+++ b/modules/darwin/ssl.nix
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }: {
+
+  # security.pki.certificateFiles = [
+  #   "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
+  #   (builtins.toString ../work/nixos-org-certs.crt)
+  # ];
+
+  security.pki.certificates =
+    [ (builtins.readFile ../work/nixos-org-certs.crt) ];
+
+}
diff --git a/modules/work/nixos-org-certs.crt b/modules/work/nixos-org-certs.crt
new file mode 100644
index 0000000..44d7a2a
--- /dev/null
+++ b/modules/work/nixos-org-certs.crt
@@ -0,0 +1,20 @@
+T2 Palo Alto CA
+-----BEGIN CERTIFICATE-----
+MIIDIjCCAgqgAwIBAgIJAOE7K8F61qxbMA0GCSqGSIb3DQEBCwUAMEExCzAJBgNV
+BAYTAlVTMQswCQYDVQQIEwJOWTELMAkGA1UECxMCSVQxGDAWBgNVBAMTD1QyIFBh
+bG8gQWx0byBDQTAeFw0xNTA3MTUyMzUzNDJaFw0yNTA3MTIyMzUzNDJaMEExCzAJ
+BgNVBAYTAlVTMQswCQYDVQQIEwJOWTELMAkGA1UECxMCSVQxGDAWBgNVBAMTD1Qy
+IFBhbG8gQWx0byBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANBa
+nVZxAhk+spmp8JBzwtgPS+2oQ/Kpv7BRWn7Rj52oAL++a4DH2zRLb3f4mMyPpgEX
+nNrvZSkonxJToEMhAed5eIKNOjcwDT8kLatfmE/LHD4xNeK0FN0p0OlTJkwLI5KZ
+rne/YKqkYscYfjxyugYPb3ukjYfxeGNfeF9HGKTPAcL+fj0/fgkffJJPZ+d9+C2Z
+YXXI36DoXEjHUPxOz/hKL5ohM4m86OHt6qvZaG/b43raI99ckRFTwmoF+AfdIgVa
+3cuaxhnGyv+bC41LTxd1Azzys0txfxkFrt14oBUgOmPJelC26KgFoHnG8hSykNaH
+Uh8S8i8jmXgEdUN+bGkCAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMC
+AgQwDQYJKoZIhvcNAQELBQADggEBAAqFo1P7Btgt9BZRpwmjA8ghQmQZQ9Fek1m2
+aOmkPMa6OqWxXDT5VU/b02LfKb+uVLsdBC1cv7ZrRYZc7ATt8d19rohvSn7DL8GR
+FEjYgj1OFvblbN8zHogDVx4gD57j9imT40vNpBcsEiRlNXDu/ExbhsDiing1tdmq
+eULdQg13kdJzqVS6xJ10qddqRRUWASkq5qUwvTO2MQkCjPSGjUAHeHa9vCZRiVWQ
+vWVwZ7CZ6XTzqcpfKdT/xKGHbT6xQxIhLVOvSMIhirh8OyFVzM5m+PHYN4KO6x5j
++Je/viLhvfaEVUntOkOcpQVmwOYZezQZqDDRWXo9k0vqGnZ8Gog=
+-----END CERTIFICATE-----