automatically setup DoD certs in firefox

2025-06-06 19:56:06 -07:00 · 2025-05-29 13:15:41 -07:00 · 2025-05-29 13:15:41 -07:00 · 24557adfe5
commit 24557adfe5
parent 3d6a76f800
10 changed files with 25 additions and 10 deletions
--- a/provision/hosts/wsl/configuration.nix
+++ b/provision/hosts/wsl/configuration.nix
@ -51,13 +51,13 @@ in
  # Add DoD CA certs to trusted source
  security.pki.certificateFiles = [
-    ./certs/DoDWCFInterCA1.crt
+    ../../../resources/dod_certs/DoDWCFInterCA1.crt
-    ./certs/DoDRootCA3.crt
+    ../../../resources/dod_certs/DoDRootCA3.crt
-    ./certs/DoDRootCA4.crt
+    ../../../resources/dod_certs/DoDRootCA4.crt
-    ./certs/DoDRootCA5.crt
+    ../../../resources/dod_certs/DoDRootCA5.crt
-    ./certs/DoDRootCA6.crt
+    ../../../resources/dod_certs/DoDRootCA6.crt
-    ./certs/DoDInteroperabilityRootCA2.crt
+    ../../../resources/dod_certs/DoDInteroperabilityRootCA2.crt
-    ./certs/USDoDCCEBInteroperabilityRootCA2.crt
+    ../../../resources/dod_certs/USDoDCCEBInteroperabilityRootCA2.crt
  ];
  # Modules 
--- a/provision/modules/desktop/peripherals.nix
+++ b/provision/modules/desktop/peripherals.nix
@ -6,9 +6,6 @@ in {
    environment.systemPackages = with pkgs; [
      libimobiledevice # Library to support iPhone, iPod Touch and iPad devices on Linux
      ifuse # Fuse filesystem implementation to access the contents of iOS devices
      opensc # Open source smart card tools and middleware
      pcsc-tools # Tools are used to test a PC/SC drivers
      pkcs11helper # Library that simplifies the interaction with PKCS#11
      pySVS # Control SVS subwoofers from the command-line
      (pkgs.writeScriptBin "sv" ''
        #!/bin/sh
--- a/provision/modules/programs/firefox.nix
+++ b/provision/modules/programs/firefox.nix
@ -10,12 +10,30 @@ in {
  };
  config = lib.mkIf cfg.enable {
    environment.systemPackages = with pkgs; [
      opensc # Open source smart card tools and middleware
      pcsc-tools # Tools are used to test a PC/SC drivers
      pkcs11helper # Library that simplifies the interaction with PKCS#11
    ];
    # Add DoD CA certs to trusted source
    security.pki.certificateFiles = [
      ../../../resources/dod_certs/DoDWCFInterCA1.crt
      ../../../resources/dod_certs/DoDRootCA3.crt
      ../../../resources/dod_certs/DoDRootCA4.crt
      ../../../resources/dod_certs/DoDRootCA5.crt
      ../../../resources/dod_certs/DoDRootCA6.crt
      ../../../resources/dod_certs/DoDInteroperabilityRootCA2.crt
      ../../../resources/dod_certs/USDoDCCEBInteroperabilityRootCA2.crt
    ];
    home-manager.users.${user} = {
      programs.firefox = {
        enable = true;
        policies = {
          SecurityDevices = {
            Add = {
              # 
              "NIPR" = "${pkgs.opensc}/lib/opensc-pkcs11.so";
            };
          };
--- a/provision/hosts/wsl/certs/DoDInteroperabilityRootCA2.crt
+++ b/provision/hosts/wsl/certs/DoDInteroperabilityRootCA2.crt
--- a/provision/hosts/wsl/certs/DoDRootCA3.crt
+++ b/provision/hosts/wsl/certs/DoDRootCA3.crt
--- a/provision/hosts/wsl/certs/DoDRootCA4.crt
+++ b/provision/hosts/wsl/certs/DoDRootCA4.crt
--- a/provision/hosts/wsl/certs/DoDRootCA5.crt
+++ b/provision/hosts/wsl/certs/DoDRootCA5.crt
--- a/provision/hosts/wsl/certs/DoDRootCA6.crt
+++ b/provision/hosts/wsl/certs/DoDRootCA6.crt
--- a/provision/hosts/wsl/certs/DoDWCFInterCA1.crt
+++ b/provision/hosts/wsl/certs/DoDWCFInterCA1.crt
--- a/provision/hosts/wsl/certs/USDoDCCEBInteroperabilityRootCA2.crt
+++ b/provision/hosts/wsl/certs/USDoDCCEBInteroperabilityRootCA2.crt