Added support for installing multiple CA certificates from certs directory.

config/defaults.conf

@@ -26,7 +26,7 @@ INTERNET_CHECK_URL="https://logal.dev/"
 MIRROR_URL='https://mirrors.logal.dev/archlinux/$repo/os/$arch'
 
 # Paths
-CA_CERT_PATH="${SCRIPT_DIR}/files/certs/logalnet-internal-ca.crt"
+CA_CERTS_DIR="${SCRIPT_DIR}/files/certs"
 CONFIG_SRC_DIR="${SCRIPT_DIR}/files/etc"
 HOME_CONFIG_DIR="${SCRIPT_DIR}/files/home"
 MOUNT_POINT="/mnt"

install-arch-linux.sh

@@ -199,7 +199,7 @@ main() {
 
     setup_security "$FILESYSTEM"
     configure_ssh "$USERNAME"
-    install_ca_certificate
+    install_ca_certificates
 
     #---------------------------------------------------------------------------
     # Phase 9: Profile Installation

lib/system/security.sh

@@ -22,7 +22,7 @@
 # - Disables root account login
 # - Enables nftables firewall, smartd, and fstrim timer
 # - Configures OpenSSH with restricted settings
-# - Installs custom CA certificate to system trust store
+# - Installs custom CA certificates from certs directory to system trust store
 # - Sets up USBGuard to whitelist connected devices
 
 # Configure mkinitcpio hooks for encrypted root
@@ -78,13 +78,24 @@ show_ssh_fingerprint() {
     run_visible_cmd chroot_run ssh-keygen -lvf /etc/ssh/ssh_host_ed25519_key.pub
 }
 
-# Install custom CA certificate
-install_ca_certificate() {
-    print "Adding LogalNet Internal Certification Authority to system CA store..."
+# Install custom CA certificates from certs directory
+install_ca_certificates() {
+    local certs=("${CA_CERTS_DIR}"/*.crt)
 
-    cp "${CA_CERT_PATH}" "${MOUNT_POINT}"
-    chroot_run trust anchor --store /logalnet-internal-ca.crt
-    chroot_run rm /logalnet-internal-ca.crt
+    if [ ! -e "${certs[0]}" ]; then
+        print "No CA certificates found to install."
+        return
+    fi
+
+    for cert in "${certs[@]}"; do
+        local cert_name
+        cert_name=$(basename "$cert")
+        print "Adding ${cert_name} to system CA store..."
+
+        cp "$cert" "${MOUNT_POINT}/${cert_name}"
+        chroot_run trust anchor --store "/${cert_name}"
+        chroot_run rm "/${cert_name}"
+    done
 }
 
 # Configure USBGuard