feat(certs): override the cacert package to always trust my own CA

nixos/certs/myCA.pem

@@ -0,0 +1,33 @@
+-----BEGIN CERTIFICATE-----
+MIIFxzCCA6+gAwIBAgIUJMyGRYgYzmcIdliK3ZF66swZb08wDQYJKoZIhvcNAQEL
+BQAwczELMAkGA1UEBhMCRlIxDzANBgNVBAgMBkZyYW5jZTEXMBUGA1UECgwOS2hh
+w4PCr3MgQ09MSU4xFDASBgNVBAMMC25peG9zLmxvY2FsMSQwIgYJKoZIhvcNAQkB
+FhVraGFpcy5jb2xpbkBnbWFpbC5jb20wHhcNMjQwODExMDgzNTE1WhcNMjUwODEx
+MDgzNTE1WjBzMQswCQYDVQQGEwJGUjEPMA0GA1UECAwGRnJhbmNlMRcwFQYDVQQK
+DA5LaGHDg8KvcyBDT0xJTjEUMBIGA1UEAwwLbml4b3MubG9jYWwxJDAiBgkqhkiG
+9w0BCQEWFWtoYWlzLmNvbGluQGdtYWlsLmNvbTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAMvggjAbpoV+GFRJ3stnAmalq6UtfiMayLw3qTECPEUz2YU1
+xZxxLtv/SgkHTvHnAJCFNc+QY6b0OijJXyOLnDb57P2bBc50PQ4wrYcvMQIaCcwq
+mPWyE6k7GahdPDbhc4fs818qPDcod2BqR3Vn3BeGurAFEDZGXk15jn1yxn49zWx7
+TcJ9/5t9Wi4qvTyy3Jxymw1YWYGC4YtYRe0ajngRbkgMEp3ChHF0kIXZJCxrVWIy
+v4EAxlUsiGF5xYZVzrHMr3squ7GmO6iX6xQDrDY/h17p40C+Uwzl1XqAilETt+/p
+ThOLjQrOUCgYVV7+0wQr72LpYb+k8EuGzo2CAzUCIJHQqEuhYJK3x8GEeht8OgrL
+/8ffWDLMXiEuMtNaP0WINYPV5rwTG3Bn7sb61Yr7S8XJ+XyjIx7k+A5k9ApuN3yG
+5McVn9TqpIIYMACexyLEPEkYYOVNyhVsh8F9h+fW358c3scp+YAj+tUDqr7h70Yc
+SA57T0hESPi5GkKxPCaARdz5wjJfN44XjYci6u/oMu8ROJuVUEmaa83ISjgeVxd/
+NZsiBKHEup1t+GqpfBBd3jCVwml8agPIOGxWvS7bWjDy3368wtWR1iTPG3e/Wld9
+1U2fJ2KE6NDrcrjesvIQf0nnWSL8NLC4xpqOu3lDaYau4jef5xYyIUJihN7XAgMB
+AAGjUzBRMB0GA1UdDgQWBBQcge+CfVA8SyQCQmMsZurYj2KDlzAfBgNVHSMEGDAW
+gBQcge+CfVA8SyQCQmMsZurYj2KDlzAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3
+DQEBCwUAA4ICAQAHRoze2hwvrxGZ+G0V94AD/D5Dc6T3rJHcvXrJaDiTwkyx9igp
+VOjYG+KWSbX0RT2Zrg4LrmneLZ0H2eMtuU7yaLzsKip6AC1RwJdhjMUjrr9qO7t7
+f9iRGjpCCOS83aHuuIdeWVUqSSKtcx5xtlFH7wEyXp2/Z5q5ceuMXN41C6uAhhyt
+CEdI5dxMUdNshA81N7lhMJbIMgiitQLMLrS1agTqEpAjFPy9nNri27SR5LryWDQ5
+iAhjMl4VpHUmO72Nl+5a+h/BXJVcAR9p7ON7ZMKh4adulGfrFIkyb9yz8SMw4QzL
+UBLAHcztiYWnM0W4YNbiok5qgLBPU9jebFYc3tVFozdokBlG94TMz/lIte0Kq1Ro
+zdR64Q3lduqpnsnL8F7ud1Xxg/jNWc7kjPbt7jncF6YZcfz6UYw7ZbKjU+P5qFEE
+3ZPVTNk0B9A9hbjyyARN/6bVvfzNHynRHHxbjK2jhiTAcnzZ8HKr1BZr5670UXxZ
+3FSmYmdYH6ESn1Kuvz4cwa1CmBRirV+KWyGhT9QRoiRlPDMfpQgUzAEo9438uRV+
+1EbnLt6aqy1kuBQPonLbvySfzFthwa4RPBMsDAOZN27GhY1mihtI6lxTEB1iV4Nx
+T8U50GsQuw3J0EAWhhpM4BPFOye6RWY8/cPcl6lY2Ddhfn9J5viqhQj2iA==
+-----END CERTIFICATE-----

nixos/configuration.nix

@@ -127,6 +127,10 @@ in
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;
+  # configure overlays
+  nixpkgs.overlays = [
+    (import ./overlays/cacert.nix)
+  ];
 
   # List packages installed in system profile. To search, run:
   # $ nix search wget

nixos/overlays/cacert.nix

@@ -0,0 +1,6 @@
+self: super:
+{
+  cacert = super.cacert.override {
+    extraCertificateFiles = [ ../certs/myCA.pem ];
+  };
+}