NixOS Wiki

Home Assistant: Difference between revisions

← Older editNewer edit →
VisualWikitext
imported>NewAM
Added a snippet for using a private x509 certificate authority.
imported>NewAM
Update the instructions to trust a private certificate authority.
Line 371: Line 371:
Home Assistant does not natively support adding a private CA to the certificate store (see [https://community.home-assistant.io/t/add-private-cas-to-certificate-store/267452 this thread] for more details).
Home Assistant does not natively support adding a private CA to the certificate store (see [https://community.home-assistant.io/t/add-private-cas-to-certificate-store/267452 this thread] for more details).


Home Assistant trusts certificates provided by the certifi python package.  Using an override you can append your root CA certificate to the certificates provided by certifi.
Home Assistant trusts certificates provided by the certifi python package, which nix overwrites with the cacert package.  Using a overrides you can append your root CA certificate to the certificates provided by certifi.


<syntaxHighlight lang=nix>
<syntaxHighlight lang=nix>
Line 377: Line 377:
     extraPackages = py: with py; [ ];
     extraPackages = py: with py; [ ];
     packageOverrides = final: prev: {
     packageOverrides = final: prev: {
       certifi = prev.certifi.overrideAttrs (oldAttrs: {
       certifi = prev.certifi.override {
         prePatch =
         cacert = pkgs.cacert.override {
          (oldAttrs.prePatch or "")
           extraCertificateFiles = [ ./my_custom_root_ca.crt ];
           + ''
        };
            cat ${./my_private_root_ca.crt} >> certifi/cacert.pem
       };
          '';
       });
   }).overrideAttrs (oldAttrs: {
   }).overrideAttrs (oldAttrs: {
     doInstallCheck = false;
     doInstallCheck = false;
Retrieved from "https://wiki.nixos.org/wiki/Home_Assistant"