refactor(sys): Modularize and move to `modules/system` or `pkgs`

author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2024-05-20 16:10:21 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2024-05-20 16:14:26 +0200
commit: 368cb6b0d25db2ae23be42ad51584de059997e51 (patch)
tree: 3282e45d3ebced63c8498a47e83a255c35de620b /modules/system/boot/iso_entry/signing_key.nix
parent: refactor(hm): Rename to `modules/home` (diff)
download: nixos-config-368cb6b0d25db2ae23be42ad51584de059997e51.zip
1 files changed, 18 insertions, 0 deletions
diff --git a/modules/system/boot/iso_entry/signing_key.nix b/modules/system/boot/iso_entry/signing_key.nix
new file mode 100644
index 00000000..788447be
--- /dev/null
+++ b/modules/system/boot/iso_entry/signing_key.nix
@@ -0,0 +1,18 @@
+{pkgs ? (builtins.getFlake "nixpkgs").legacyPackages."x86_64-linux"}:
+pkgs.stdenv.mkDerivation {
+  name = "archlinux_signing_keys";
+
+  outputHash = "sha256-evGWzkxMaZw3rlixKsyWCS/ZvNuZ+OfXQb6sgiHz9XY=";
+  outputHashAlgo = "sha256";
+  NIX_SSL_CERT_FILE = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+
+  nativeBuildInputs = with pkgs; [
+    sequoia-sq
+  ];
+
+  dontUnpack = true;
+
+  buildPhase = ''
+    sq --verbose --no-cert-store --no-key-store network wkd fetch pierre@archlinux.org --output "$out"
+  '';
+}
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2024-05-20 16:10:21 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2024-05-20 16:14:26 +0200
commit	368cb6b0d25db2ae23be42ad51584de059997e51 (patch)
tree	3282e45d3ebced63c8498a47e83a255c35de620b /modules/system/boot/iso_entry/signing_key.nix
parent	refactor(hm): Rename to `modules/home` (diff)
download	nixos-config-368cb6b0d25db2ae23be42ad51584de059997e51.zip