strongswan: set the right dir for TLS CA cert

This fixes an issue where the strongswan NM client is not able to
connect to a VPN. By default it tries to load the trust CA from
/usr/share/ca-certificates which doesn't exist in NixOS and most modern
distros.

See debian-related issue:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835095

pkgs/tools/networking/strongswan/default.nix

@@ -78,7 +78,10 @@ stdenv.mkDerivation rec {
          "--with-tss=trousers"
          "--enable-aikgen"
          "--enable-sqlite" ]
-    ++ optional enableNetworkManager "--enable-nm";
+    ++ optionals enableNetworkManager [
+         "--enable-nm"
+         "--with-nm-ca-dir=/etc/ssl/certs"
+    ];
 
   postInstall = ''
     # this is needed for l2tp