diff --git a/nixos/modules/programs/venus.nix b/nixos/modules/programs/venus.nix
index 8f85b602fe2c..c3756b4838c7 100644
--- a/nixos/modules/programs/venus.nix
+++ b/nixos/modules/programs/venus.nix
@@ -165,7 +165,7 @@ in
script = "exec venus-planet ${configFile}";
serviceConfig.User = "${cfg.user}";
serviceConfig.Group = "${cfg.group}";
- environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+ environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
startAt = cfg.dates;
};
diff --git a/nixos/modules/security/ca.nix b/nixos/modules/security/ca.nix
index ddfad52d42ed..98d73ed25426 100644
--- a/nixos/modules/security/ca.nix
+++ b/nixos/modules/security/ca.nix
@@ -4,7 +4,7 @@ with lib;
let
- caBundle = pkgs.runCommand "ca-bundle.crt"
+ caCertificates = pkgs.runCommand "ca-certificates.crt"
{ files =
config.security.pki.certificateFiles ++
[ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
@@ -26,7 +26,7 @@ in
description = ''
A list of files containing trusted root certificates in PEM
format. These are concatenated to form
- /etc/ssl/certs/ca-bundle.crt, which is
+ /etc/ssl/certs/ca-certificates.crt, which is
used by many programs that use OpenSSL, such as
curl and git.
'';
@@ -56,13 +56,13 @@ in
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
# NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
- environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
+ environment.etc."ssl/certs/ca-certificates.crt".source = caCertificates;
# Old NixOS compatibility.
- environment.etc."ssl/certs/ca-bundle.crt".source = caBundle;
+ environment.etc."ssl/certs/ca-bundle.crt".source = caCertificates;
# CentOS/Fedora compatibility.
- environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle;
+ environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates;
environment.sessionVariables =
{ SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
diff --git a/nixos/modules/services/misc/nix-daemon.nix b/nixos/modules/services/misc/nix-daemon.nix
index da03eb17e302..8e984727a80e 100644
--- a/nixos/modules/services/misc/nix-daemon.nix
+++ b/nixos/modules/services/misc/nix-daemon.nix
@@ -364,7 +364,7 @@ in
++ optionals cfg.distributedBuilds [ pkgs.gzip ];
environment = cfg.envVars
- // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; }
+ // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
// config.networking.proxy.envVars;
serviceConfig =
diff --git a/nixos/modules/services/monitoring/dd-agent.nix b/nixos/modules/services/monitoring/dd-agent.nix
index 8c847af3bfc0..ed9be73ba65b 100644
--- a/nixos/modules/services/monitoring/dd-agent.nix
+++ b/nixos/modules/services/monitoring/dd-agent.nix
@@ -183,7 +183,7 @@ in {
Restart = "always";
RestartSec = 2;
};
- environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+ environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ];
};
diff --git a/nixos/modules/services/networking/ddclient.nix b/nixos/modules/services/networking/ddclient.nix
index ee06dfbbca3a..e60520c742bd 100644
--- a/nixos/modules/services/networking/ddclient.nix
+++ b/nixos/modules/services/networking/ddclient.nix
@@ -127,7 +127,7 @@ in
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
- environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+ environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
serviceConfig = {
# Uncomment this if too many problems occur:
# Type = "forking";