Add a setting for configuring the SSL certificates file #8062

Merged
merged 2 commits into from
Mar 27, 2023


edolstra
Member

Motivation

This provides a platform-independent way to configure the SSL certificates file in the Nix daemon. Previously we provided instructions for overriding the environment variable in launchd, but that obviously doesn't work with systemd. Now we can just tell users to add

ssl-cert-file = /etc/ssl/my-certificate-bundle.crt

to their nix.conf.

Context

DeterminateSystems/nix-installer#289

Checklist for maintainers

Maintainers: tick if completed or explain if not relevant

  • agreed on idea
  • agreed on implementation strategy
  • tests, as appropriate
    • functional tests - tests/**.sh
    • unit tests - src/*/tests
    • integration tests - tests/nixos/*
  • documentation in the manual
  • code and comments are self-explanatory
  • commit message explains why the change was made
  • new feature or incompatible change: updated release notes

Priorities

Add 👍 to pull requests you find important.

This provides a platform-independent way to configure the SSL
certificates file in the Nix daemon. Previously we provided
instructions for overriding the environment variable in launchd, but
that obviously doesn't work with systemd. Now we can just tell users
to add

  ssl-cert-file = /etc/ssl/my-certificate-bundle.crt

to their nix.conf.
edolstra enabled auto-merge March 27, 2023 12:09
edolstra merged commit 5a0f5b5 into NixOS:master Mar 27, 2023
@nixos-discourse

This pull request has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nix-installer-workgroup/21495/20

@patryk4815

@edolstra Can we add /etc/ssl/certs/ca-bundle.crt to this list?
This would help to use "nix" easily without adjusting the parameters.
ca-bundle.crt is commonly used in CentOS, AlmaLinux, Rocky Linux, Fedora.

Path Settings::getDefaultSSLCertFile()
{
    for (auto & fn : {"/etc/ssl/certs/ca-certificates.crt", "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"})
        if (pathExists(fn)) return fn;
    return "";
}
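
A simplified model of the lookup discussed in this thread, as an added example that is not part of the PR, the comments or the Nix source: it reads `ssl-cert-file` from one nix.conf, falls back to the two paths in the quoted `getDefaultSSLCertFile()`, and checks that the chosen file is a readable PEM bundle. The function names and the ROOT prefix argument are hypothetical, and the script assumes the last assignment in the file wins and ignores includes and environment overrides.

```shell
#!/bin/sh
# Added example, not Nix code. Candidates are the two paths in the
# getDefaultSSLCertFile() snippet quoted in the thread, in the same order.
DEFAULT_CANDIDATES="/etc/ssl/certs/ca-certificates.crt
/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt"

# conf_ssl_cert_file CONF: print the last ssl-cert-file value set in CONF.
# Returns non-zero when CONF is unreadable or does not set the option.
conf_ssl_cert_file() {
    [ -r "$1" ] || return 1
    sed -n 's/^[[:space:]]*ssl-cert-file[[:space:]]*=[[:space:]]*//p' "$1" \
        | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | tail -n 1 | grep .
}

# resolve_cert_file CONF [ROOT]: explicit setting first, otherwise the first
# candidate that exists. ROOT (assumption) is a directory prefix applied to the
# candidates so the logic can be exercised in a scratch tree.
resolve_cert_file() {
    local conf root path fn
    conf=$1
    root=${2:-}
    if path=$(conf_ssl_cert_file "$conf"); then
        printf '%s\n' "$path"
        return 0
    fi
    for fn in $DEFAULT_CANDIDATES; do
        if [ -e "$root$fn" ]; then
            printf '%s\n' "$fn"
            return 0
        fi
    done
    return 1    # corresponds to the empty-string result: no bundle found
}

# check_bundle FILE: print the number of PEM certificates in FILE.
# Fails when FILE is unreadable or holds none, e.g. a mistyped ssl-cert-file.
check_bundle() {
    local n
    [ -r "$1" ] || { echo "unreadable: $1" >&2; return 1; }
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || true
    [ "$n" -gt 0 ] || { echo "no PEM certificates in $1" >&2; return 1; }
    printf '%s\n' "$n"
}
```

Running `check_bundle "$(resolve_cert_file /etc/nix/nix.conf)"` on a host reports how many trust anchors the selected file holds, or fails when the configured path is missing or empty.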

@fricklerhandwerk
Contributor

@patryk4815 it will be easier for the Nix team to track that if you open an issue, or even better make a pull request directly. Such a comment will easily slip through the cracks because the PR is closed and thus off the radar.
