Fix some references to deprecated /etc/ssl/certs/ca-bundle.crt

nixos/modules/programs/venus.nix

@@ -165,7 +165,7 @@ in
         script = "exec venus-planet ${configFile}";
         serviceConfig.User = "${cfg.user}";
         serviceConfig.Group = "${cfg.group}";
-        environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+        environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
         startAt = cfg.dates;
       };
 

nixos/modules/security/ca.nix

@@ -4,7 +4,7 @@ with lib;
 
 let
 
-  caBundle = pkgs.runCommand "ca-bundle.crt"
+  caCertificates = pkgs.runCommand "ca-certificates.crt"
     { files =
         config.security.pki.certificateFiles ++
         [ (builtins.toFile "extra.crt" (concatStringsSep "\n" config.security.pki.certificates)) ];
@@ -26,7 +26,7 @@ in
       description = ''
         A list of files containing trusted root certificates in PEM
         format. These are concatenated to form
-        <filename>/etc/ssl/certs/ca-bundle.crt</filename>, which is
+        <filename>/etc/ssl/certs/ca-certificates.crt</filename>, which is
         used by many programs that use OpenSSL, such as
         <command>curl</command> and <command>git</command>.
       '';
@@ -56,13 +56,13 @@ in
     security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
 
     # NixOS canonical location + Debian/Ubuntu/Arch/Gentoo compatibility.
-    environment.etc."ssl/certs/ca-certificates.crt".source = caBundle;
+    environment.etc."ssl/certs/ca-certificates.crt".source = caCertificates;
 
     # Old NixOS compatibility.
-    environment.etc."ssl/certs/ca-bundle.crt".source = caBundle;
+    environment.etc."ssl/certs/ca-bundle.crt".source = caCertificates;
 
     # CentOS/Fedora compatibility.
-    environment.etc."pki/tls/certs/ca-bundle.crt".source = caBundle;
+    environment.etc."pki/tls/certs/ca-bundle.crt".source = caCertificates;
 
     environment.sessionVariables =
       { SSL_CERT_FILE          = "/etc/ssl/certs/ca-certificates.crt";

nixos/modules/services/misc/nix-daemon.nix

@@ -364,7 +364,7 @@ in
           ++ optionals cfg.distributedBuilds [ pkgs.gzip ];
 
         environment = cfg.envVars
-          // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-bundle.crt"; }
+          // { CURL_CA_BUNDLE = "/etc/ssl/certs/ca-certificates.crt"; }
           // config.networking.proxy.envVars;
 
         serviceConfig =

nixos/modules/services/monitoring/dd-agent.nix

@@ -183,7 +183,7 @@ in {
         Restart = "always";
         RestartSec = 2;
       };
-      environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+      environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
       restartTriggers = [ pkgs.dd-agent ddConf diskConfig networkConfig postgresqlConfig nginxConfig mongoConfig ];
     };
 

nixos/modules/services/networking/ddclient.nix

@@ -127,7 +127,7 @@ in
       wantedBy = [ "multi-user.target" ];
       after = [ "network.target" ];
 
-      environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-bundle.crt";
+      environment.SSL_CERT_FILE = "/etc/ssl/certs/ca-certificates.crt";
       serviceConfig = {
         # Uncomment this if too many problems occur:
         # Type = "forking";