automatically setup DoD certs in firefox

Tyler Starr 2025-05-29 13:15:41 -07:00
parent 3d6a76f800
commit 24557adfe5
10 changed files with 25 additions and 10 deletions


@ -51,13 +51,13 @@ in
# Add DoD CA certs to trusted source
security.pki.certificateFiles = [
./certs/DoDWCFInterCA1.crt
./certs/DoDRootCA3.crt
./certs/DoDRootCA4.crt
./certs/DoDRootCA5.crt
./certs/DoDRootCA6.crt
./certs/DoDInteroperabilityRootCA2.crt
./certs/USDoDCCEBInteroperabilityRootCA2.crt
../../../resources/dod_certs/DoDWCFInterCA1.crt
../../../resources/dod_certs/DoDRootCA3.crt
../../../resources/dod_certs/DoDRootCA4.crt
../../../resources/dod_certs/DoDRootCA5.crt
../../../resources/dod_certs/DoDRootCA6.crt
../../../resources/dod_certs/DoDInteroperabilityRootCA2.crt
../../../resources/dod_certs/USDoDCCEBInteroperabilityRootCA2.crt
];
# Modules
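Review bot: The seven-entry `security.pki.certificateFiles` list at the new `../../../resources/dod_certs/` paths is now written out twice in this commit, here and again in the module whose `config` is wrapped in `lib.mkIf cfg.enable`. List-typed NixOS options merge by concatenation, so with both modules active each certificate is passed to the trust bundle twice, and the two copies can drift apart when a CA is rotated or withdrawn. If this file is not itself gated (its guard, if any, is outside the hunk), the DoD anchors also remain trusted system-wide for all TLS even when the smart-card module is disabled. Keeping the list only in the gated module, or defining it once in a single file and importing it from both, would leave the trust decision in one place. `DoDWCFInterCA1.crt` looks from its name like an intermediate rather than a root, so a comment such as `# intermediate CA installed as a trust anchor because <reason>` would help the next reader.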


@ -6,9 +6,6 @@ in {
environment.systemPackages = with pkgs; [
libimobiledevice # Library to support iPhone, iPod Touch and iPad devices on Linux
ifuse # Fuse filesystem implementation to access the contents of iOS devices
opensc # Open source smart card tools and middleware
pcsc-tools # Tools are used to test a PC/SC drivers
pkcs11helper # Library that simplifies the interaction with PKCS#11
pySVS # Control SVS subwoofers from the command-line
(pkgs.writeScriptBin "sv" ''
#!/bin/sh


@ -10,12 +10,30 @@ in {
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
opensc # Open source smart card tools and middleware
pcsc-tools # Tools are used to test a PC/SC drivers
pkcs11helper # Library that simplifies the interaction with PKCS#11
];
# Add DoD CA certs to trusted source
security.pki.certificateFiles = [
../../../resources/dod_certs/DoDWCFInterCA1.crt
../../../resources/dod_certs/DoDRootCA3.crt
../../../resources/dod_certs/DoDRootCA4.crt
../../../resources/dod_certs/DoDRootCA5.crt
../../../resources/dod_certs/DoDRootCA6.crt
../../../resources/dod_certs/DoDInteroperabilityRootCA2.crt
../../../resources/dod_certs/USDoDCCEBInteroperabilityRootCA2.crt
];
home-manager.users.${user} = {
programs.firefox = {
enable = true;
policies = {
SecurityDevices = {
Add = {
#
"NIPR" = "${pkgs.opensc}/lib/opensc-pkcs11.so";
};
};