ALT-F4-LLC / kickstart.nix

Kickstart your Nix environment.
Apache License 2.0

Fix SSL requests in containers #45

Closed erikreinert closed 7 months ago

erikreinert commented 7 months ago

Overview

When deploying a service that makes requests to third-party locations (like Twitch), you may see failures like this in the logs:

2024/01/20 03:52:12 FATA Get "https://api.twitch.tv/helix/users": tls: failed to verify certificate: x509: certificate signed by unknown authority

The reason for this is that container images built by Nix do not include these certificates. This can be fixed by adding the following to the flake derivation:

docker = buildImage {
  inherit name;
  tag = version;
  config = {
    Cmd = "${self'.packages.default}/bin/${name}";
    Env = [
      # Point TLS clients at the CA bundle shipped in the cacert package
      "SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
    ];
  };
};
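
A startup preflight for the service side of this fix, as an added example that is not part of the original issue or of the kickstart.nix templates: it assumes a Go service (the error text in the log above is Go's crypto/x509 wording) and checks that the bundle named by SSL_CERT_FILE is readable and actually holds CA certificates. `checkCABundle` and `constructedCA` are hypothetical names, and the fixed-seed CA is constructed sample input only.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"log"
	"math/big"
	"os"
	"time"
)

// checkCABundle counts the CA certificates in the PEM file at path, skipping
// entries that fail to parse (as x509.CertPool.AppendCertsFromPEM does).
func checkCABundle(path string) (int, error) {
	data, err := os.ReadFile(path) // an unset SSL_CERT_FILE arrives here as ""
	if err != nil {
		return 0, err
	}
	n := 0
	for block, rest := pem.Decode(data); block != nil; block, rest = pem.Decode(rest) {
		if c, err := x509.ParseCertificate(block.Bytes); err == nil && c.IsCA {
			n++
		}
	}
	if n == 0 {
		return 0, errors.New("no CA certificates in " + path)
	}
	return n, nil
}

// constructedCA returns a throwaway self-signed CA in PEM form (constructed
// sample input; the fixed all-zero seed makes the key unfit for any real use).
func constructedCA() ([]byte, error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, t, t, priv.Public(), priv)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), err
}

func main() {
	n, err := checkCABundle(os.Getenv("SSL_CERT_FILE"))
	if err != nil {
		log.Fatalln("trust store check failed:", err)
	}
	log.Println("CA certificates available:", n)
}
```

Run at service start inside the image, this turns a missing or empty bundle into one clear fatal line before the first outbound HTTPS request, instead of a per-request x509 error.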