From e1ff6899f637ff0b4808994d66e982a885bcd150 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Fri, 28 Apr 2023 21:30:35 +0200
Subject: Use proper SSL cert path

This avoids relying on nss-certs being installed system-wide.
---
 tw/services/media.scm     | 7 +++----
 tw/services/nextcloud.scm | 4 ++--
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/tw/services/media.scm b/tw/services/media.scm
index 9755af9d..ec4d0afc 100644
--- a/tw/services/media.scm
+++ b/tw/services/media.scm
@@ -1,5 +1,6 @@
 (define-module (tw services media)
   #:use-module (gnu)
+  #:use-module (gnu packages certs)
   #:use-module (gnu packages video)
   #:use-module (gnu services)
   #:use-module (gnu services configuration)
@@ -46,8 +47,7 @@ run the download script.  By default, picks a random time between 04:00 and
             #$(program-file
                "yt-dlp-command"
                #~(begin
-                   (setenv "SSL_CERT_DIR" "/etc/ssl/certs")
-                   (setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt")
+                   (setenv "SSL_CERT_DIR" #$(file-append nss-certs "/etc/ssl/certs"))
                    (chdir #$(yt-dlp-configuration-media-directory config))
                    ;; Auto-update if we're using yt-dlp from the media directory.
                    #$@(if yt-dlp-package '()
@@ -80,8 +80,7 @@ run the download script.  By default, picks a random time between 01:00 and
           #$(program-file
              "get-iplayer-command"
              #~(begin
-                 (setenv "SSL_CERT_DIR" "/etc/ssl/certs")
-                 (setenv "SSL_CERT_FILE" "/etc/ssl/certs/ca-certificates.crt")
+                 (setenv "SSL_CERT_DIR" #$(file-append nss-certs "/etc/ssl/certs"))
                  (execl #$(file-append (get-iplayer-configuration-get-iplayer config)
                                        "/bin/get_iplayer")
                         "get_iplayer" "--pvr" "--profile-dir"
diff --git a/tw/services/nextcloud.scm b/tw/services/nextcloud.scm
index 6f723f93..4cc6c021 100644
--- a/tw/services/nextcloud.scm
+++ b/tw/services/nextcloud.scm
@@ -1,5 +1,6 @@
 (define-module (tw services nextcloud)
   #:use-module (gnu)
+  #:use-module (gnu packages certs)
   #:use-module (gnu packages php)
   #:use-module (gnu services certbot)
   #:use-module (gnu services mcron)
@@ -104,8 +105,7 @@ Header always set Strict-Transport-Security \"max-age=15552000\"
           (list #~(job "*/5 * * * *"
                        (lambda ()
                          ;; Nextcloud News needs this to fetch HTTPS feeds.
-                         (setenv "SSL_CERT_DIR" "/run/current-system/profile/etc/ssl/certs")
-                         (setenv "SSL_CERT_FILE" "/run/current-system/profile/etc/ssl/certs/ca-certificates.crt")
+                         (setenv "SSL_CERT_DIR" #$(file-append nss-certs "/etc/ssl/certs"))
                          (chdir "/var/www/nextcloud")
                          ;; `setgid' first while we're still root
                          (setgid (group:gid (getgr "httpd")))
-- 
cgit v1.2.3