NixOS -- Install root certificate

I want to install a root certificate in NixOS. I am a Nix noob. I asked on other forums, and I got basically the same answer, which is pasted below, but I still don’t understand what I need to do.
Maybe someone can tell me how to actually do this? It doesn’t sound so hard, but I am missing the baby steps.
"Get the cert manually and add it to security.pki.certificates should do"

"consider trying to add the certificate file using NixOS Search + nixos-rebuild"
https://www.reddit.com/r/NixOS/comments/11p3s7r/comment/jbwxnc1/?%2524deep_link=true&correlation_id=cb8f7848-beb1-41c1-b0e1-90e7b9c4ea5a&ref=email_post_reply&ref_campaign=email_post_reply&ref_source=email&%25243p=e_as&_branch_match_id=1163756506088724368&utm_medium=Email%20Amazon%20SES&_branch_referrer=H4sIAAAAAAAAA3VOzWrDMAx%2BmuyWpK6zJS2UUhg7boc9gJEdpdXm2EZ2SPf2U9h2HEjo4%2FtDt1JSPrYt4zhSaSClxlP4bHU6V%2FtOpxMayA8CI9OVAnizsD%2FdtlSlL9X%2BRWZd1%2BY37%2BIsBMu%2B0v3tXa4wM4aSBSqVdO43kUIu4L3hGItxyIUmclBQpA%2B73oNTW7OW8m5ETGZ7qdLPhRexPLnIjB4KxWBoFN7ZYeqHbqgtWlV3yqna7lDVhx329uA6hEeQHOMkZpyBvEkxF8OY%2FNePYBzMCega%2FnfkuLDDP%2F0bg17nCjkBAAA%3D
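
The advice quoted above, written out as a NixOS module. This is an added example, not part of the original thread; the file names `root-ca.nix` and `corp-root-ca.crt` are placeholders chosen for illustration, and the certificate is assumed to be PEM-encoded.

```nix
# /etc/nixos/root-ca.nix  (hypothetical file name)
#
# Steps:
#   1. Copy the PEM-encoded root certificate next to this file, e.g.
#      /etc/nixos/corp-root-ca.crt (placeholder name).
#   2. Before trusting it, compare its fingerprint with the value you
#      obtained from the CA's owner through a separate channel:
#        openssl x509 -in corp-root-ca.crt -noout -subject -issuer -fingerprint -sha256
#   3. Add this module to configuration.nix:
#        imports = [ ./hardware-configuration.nix ./root-ca.nix ];
#   4. Apply it:
#        sudo nixos-rebuild switch
{ ... }:

{
  # Option A: point at one or more PEM files. Each file is merged into
  # the system-wide CA bundle (/etc/ssl/certs/ca-certificates.crt).
  security.pki.certificateFiles = [
    ./corp-root-ca.crt
  ];

  # Option B: paste the PEM text inline instead of referencing a file.
  # Use one of the two options for a given certificate, not both.
  # security.pki.certificates = [
  #   ''
  #     Corp Root CA (free-text label, constructed)
  #     -----BEGIN CERTIFICATE-----
  #     <base64 body of your certificate goes here>
  #     -----END CERTIFICATE-----
  #   ''
  # ];
}
```

Programs that keep their own trust store instead of reading the system bundle need the certificate added separately.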

Can you use a live distro booted from a USB drive to download it, and then mount the NixOS filesystem and write it to wherever it belongs?

Well, I think I could get my computer on a different network, and install NixOS normally, but when I bring it back to my regular network, I will need to get that cert working.

This is really a different question but I am wondering if I should install SnowflakeOS instead. I have the ISO. It won’t solve my cert problem, but maybe it is good for other reasons?

Problem with Snowflake is the installer forces me to delete and recreate my EFI partition. That’s a hassle on a multiboot system.

Indeed, any distro that wants to create its own EFI partition at install time is a non-goer in a multiboot situation. Stay with distros whose installer allows you to bypass the partitioning step altogether.

NixOS looks kind of interesting in Bones, but no mention of a root certificate. Maybe I’ll try installing it in my sandbox.

I had a read up on NixOS.
It's a bit like Gentoo, only with automation. The package system manages everything… kernel, apps, config files… It compiles like Gentoo, but it can substitute binaries to speed things up.
Driving the package system with a config file is a bit like setting up /etc/portage/make.conf in Gentoo, but the similarity ends there. Portage is radically different from Nix. In Portage you do every step by hand… Nix is automated, you load up the config file and fire the gun.
I like the approach… Anything out of MIT will be clever. Just wish it was not systemd.
Anyone willing to give it a trial?

Systemd is optional.
See here, for instance:

Thanks, that contradicts what DistroWatch says. I believe you.
I may be interested now.

Damn you guys! Can I join too? :smiley: Can I be part of your NixOS gang?

I’m going to check it out in VirtualBox anyway :smiley:

And don’t get me started on systemd - when I come across a system that DOES NOT do systemd I get kinda stuck - like today - OEL 6 system… I forgot “systemctl” does not only do nothing, it doesn’t even exist!

So then I’m:

who -r

to find my runlevel…

then

cd /etc/rc3.d

then remembered - forehead slapping “DOH!” - a properly configured SysV init should just have symlinks to /etc/init.d so

/etc/init.d/sshd status
/etc/init.d/winbind restart
/etc/init.d/sshd restart

Lost count of the amount of times I’ve come across a system where some cowboy’s just plonked a dumb script directly in the runlevel folder and the script only does one thing, it runs the thing (i.e. no “stop|start|restart|status” options).

Yeah - we’re stuck with systemd, and I have to know it for my job, but I do miss SysV init…

One thing I LOVE about systemd - the “--user” bit - i.e. I can set something to run as me when the system boots, even if it’s headless…


Had a quick looksee at NixOS (the barebones minimal boot) - and I quite like it… I like how SSHD is already running so you can do the installation (e.g. if you’re going headless) remotely - and you can even have 2 SSH terminal sessions, one to read the manual (‘nixos-help’ fires up w3m) and another to do partitioning and formatting before installation… That’s as far as I’m going to get today… Maybe save up the lulz (lolz?) for another time when I’ve got a whole day to kill…
