HSMW-VPN Working

system-modules/hsmw.nix

@@ -24,6 +24,8 @@
     # '';
 
     "ipsec.d/hsmw.secrets".text = ''${secrets.email.hsmw.mail} : EAP "${secrets.email.hsmw.password}"'';
+    "ipsec.d/USERTrust-ECC.pem".source = ../secrets/vpn-hsmw/USERTrust-ECC-Certification-Authority.pem;
+    "ipsec.d/USERTrust-RSA.pem".source = ../secrets/vpn-hsmw/USERTrust-RSA-Certification-Authority.pem;
   };
 
   services.strongswan = {
@@ -77,8 +79,11 @@
       "resolve"
     ];
     secrets = [ "/etc/ipsec.d/hsmw.secrets" ];
-    # ca = {
-      # ??? # https://mynixos.com/nixpkgs/option/services.strongswan.ca
-    # }
+    ca = {
+      hsmw = {
+        auto = "add";
+        cacert = "/etc/ipsec.d/USERTrust-RSA.pem";
+      };
+    };
   };
 }