authoraszlig <aszlig@redmoonstudios.org>2017-07-27 13:24:17 +0200
committeraszlig <aszlig@redmoonstudios.org>2017-09-13 23:16:37 +0200
commit11b3ae74e19a075e8d733af99530fbbe697cf0d5 (patch)
treed1153cf636df2d6999ef2c1123213bd76945a3d6 /nixos/tests/acme.nix
parentb3162a107491ce306996de591926830b68e9bc69 (diff)
nixos/tests: Add a basic test for ACME
The test here is pretty basic and only tests nginx, but it should get us
started to write tests for different webservers and different ACME
implementations.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Diffstat (limited to 'nixos/tests/acme.nix')
-rw-r--r--nixos/tests/acme.nix62
1 files changed, 62 insertions, 0 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix
new file mode 100644
index 00000000000..a48f4d75ae3
--- /dev/null
+++ b/nixos/tests/acme.nix
@@ -0,0 +1,62 @@
+let
+  commonConfig = { config, lib, pkgs, nodes, ... }: {
+    networking.nameservers = [
+      nodes.letsencrypt.config.networking.primaryIPAddress
+    ];
+
+    nixpkgs.overlays = lib.singleton (self: super: {
+      cacert = super.cacert.overrideDerivation (drv: {
+        installPhase = (drv.installPhase or "") + ''
+          cat "${nodes.letsencrypt.config.test-support.letsencrypt.caCert}" \
+            >> "$out/etc/ssl/certs/ca-bundle.crt"
+        '';
+      });
+
+      pythonPackages = (super.python.override {
+        packageOverrides = lib.const (pysuper: {
+          requests = pysuper.requests.overrideDerivation (drv: {
+            postPatch = (drv.postPatch or "") + ''
+              cat "${self.cacert}/etc/ssl/certs/ca-bundle.crt" \
+                > requests/cacert.pem
+            '';
+          });
+        });
+      }).pkgs;
+    });
+  };
+
+in import ./make-test.nix {
+  name = "acme";
+
+  nodes = {
+    letsencrypt = ./common/letsencrypt.nix;
+
+    webserver = { config, pkgs, ... }: {
+      imports = [ commonConfig ];
+      networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+      networking.extraHosts = ''
+        ${config.networking.primaryIPAddress} example.com
+      '';
+
+      services.nginx.enable = true;
+      services.nginx.virtualHosts."example.com" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".root = pkgs.runCommand "docroot" {} ''
+          mkdir -p "$out"
+          echo hello world > "$out/index.html"
+        '';
+      };
+    };
+
+    client = commonConfig;
+  };
+
+  testScript = ''
+    $letsencrypt->waitForUnit("boulder.service");
+    startAll;
+    $webserver->waitForUnit("acme-certificates.target");
+    $client->succeed('curl https://example.com/ | grep -qF "hello world"');
+  '';
+}
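Review bot: The `nixpkgs.overlays` block in `commonConfig` changes the trust store of every node that imports it, but nothing in the file says so or explains why two separate overrides are needed. I would add a comment above the `cacert` override such as `# Append the test CA from the letsencrypt node to the system bundle; test-only, do not reuse commonConfig outside nixos/tests.` and one above the `requests` override such as `# requests reads its own cacert.pem, so replace it with the patched bundle.` The `pythonPackages` override is built from `super.python` only, so an ACME client running on another interpreter's package set would presumably still see the unpatched `requests` bundle; that limitation is worth a line in the comment as well. Separately, `$client->succeed('curl https://example.com/ ...')` is the only evidence that the served certificate chains to the test CA, so a short comment in `testScript` stating that the check relies on curl's default verification against the patched bundle would make the intent clear.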