From b081473eaa08537dee157d6810de49ca71adf0e1 Mon Sep 17 00:00:00 2001
From: Ryan Schanzenbacher
Date: Fri, 5 May 2023 01:22:35 -0400
Subject: half baked changes that need fixing
---
 system.scm | 59 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
(limited to 'system.scm')
diff --git a/system.scm b/system.scm
index 649146b..7a9cfb4 100644
--- a/system.scm
+++ b/system.scm
@@ -15,10 +15,68 @@
 (use-modules (guix packages))
 (use-modules (gnu services authentication))
 (use-modules (gnu packages shells))
+(use-modules (gnu packages perl))
+(use-modules (guix build-system trivial))
+(use-modules (guix licenses))
 (use-modules (srfi srfi-1))
 (use-package-modules security-token)
 (use-service-modules cups desktop networking ssh xorg sound security-token docker)
+; Define package that installs my root ca public keys
+(define my-ca-certs
+ (package
+ (name "my-ca-certs")
+ (version "1")
+ (source (local-file "./CACerts/"
+ #:recursive? #t))
+ (home-page "https://rschanz.org")
+ (license agpl3+)
+ (build-system trivial-build-system)
+ (arguments
+ `(#:modules
+ ((guix build utils))
+ #:builder
+ (begin
+ (use-modules (guix build utils)
+ (srfi srfi-1)
+ (srfi srfi-26)
+ (ice-9 ftw))
+ (let* ((ca-certificates (assoc-ref %build-inputs "source"))
+ (crt-suffix ".crt")
+ (is-certificate? (cut string-suffix? crt-suffix <>))
+ (certificates (filter is-certificate?
+ (scandir ca-certificates)))
+ (out (assoc-ref %outputs "out"))
+ (certificate-directory (string-append out
+ "/etc/ssl/certs"))
+ (openssl (string-append (assoc-ref %build-inputs
+ "openssl")
+ "/bin/openssl")))
+ (mkdir-p certificate-directory)
+ ;; When this package is installed into a profile, any files in the
+ ;; package output's etc/ssl/certs directory ending in ".pem" will
+ ;; also be put into a ca-certificates.crt bundle. In the case of a
+ ;; system profile, this bundle will be made available to the system
+ ;; at activation time. See the profile hooks defined in (guix
+ ;; profiles) and the etc-service-type define in (gnu services) for
+ ;; details.
+ (for-each
+ ;; Ensure the certificate is in an appropriate format.
+ (lambda (certificate)
+ (invoke
+ openssl "x509"
+ "-in" (string-append ca-certificates "/" certificate)
+ "-outform" "PEM"
+ "-out" (string-append
+ certificate-directory "/"
+ (basename certificate crt-suffix) ".pem")))
+ certificates)
+ #t))))
+ (inputs
+ (list openssl))
+ (synopsis "My certificate authority certificates")
+ (description synopsis)))
+
 ; Re-define the base packages to remove sudo
 (define %my-base-packages
 (remove (lambda (package)
@@ -84,6 +142,7 @@
 "docker"
 "wireplumber"
 "zsh"))
+ (list my-ca-certs)
 %my-base-packages
 ))
 ;; Below is the list of system services. To search for available
-- cgit v1.2.3
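Review bot: The unprefixed `(use-modules (guix licenses))` at the top of this hunk exports a license object named `openssl`, so `(inputs (list openssl))` in `my-ca-certs` can resolve to that license instead of the OpenSSL package; the package's own module, `(gnu packages tls)`, is also not among the imports visible here (the hunk adds `(gnu packages perl)`). Import the licenses as `(use-modules ((guix licenses) #:prefix license:))`, write `(license license:agpl3+)`, and confirm `(gnu packages tls)` is imported above the hunk. Separately, the builder turns every `*.crt` file found under `./CACerts/` into a system-wide trust anchor once `my-ca-certs` is added to the system packages in the second hunk, so a stray or replaced file in that directory silently becomes a trusted root. Consider naming the expected certificate files explicitly instead of filtering `scandir` output, and extend the leading comment to something like `; Root CAs trusted system-wide: each one can vouch for any TLS peer; review every change to ./CACerts/`.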