diff options
| author | Arian van Putten <arian.vanputten@gmail.com> | 2020-04-14 14:34:46 +0200 |
|---|---|---|
| committer | Arian van Putten <arian.vanputten@gmail.com> | 2020-06-15 11:02:30 +0200 |
| commit | 61f834833b0ad688817c6f26201aa12a2b26872e (patch) | |
| tree | 330d90098e0fe530e0d5c0358a3869114bf87fec /nixos/tests/acme.nix | |
| parent | 63d98cab9badccc2c76dc16b15a3c68e0b7eca4e (diff) | |
| download | nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.tar nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.tar.gz nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.tar.bz2 nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.tar.lz nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.tar.xz nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.tar.zst nixpkgs-61f834833b0ad688817c6f26201aa12a2b26872e.zip | |
nixos/acme: turn around test probes' dependencies
Reads a bit more naturally, and now the changes to the
acme-${cert}.service actually reflect what would be needed were you to
do the same in production.
e.g. "for dns-01, your service that needs the cert needs to pull in the
cert"
Diffstat (limited to 'nixos/tests/acme.nix')
| -rw-r--r-- | nixos/tests/acme.nix | 29 |
1 files changed, 16 insertions, 13 deletions
diff --git a/nixos/tests/acme.nix b/nixos/tests/acme.nix index fc41dc1eb5f..f871d0ea5fc 100644 --- a/nixos/tests/acme.nix +++ b/nixos/tests/acme.nix @@ -48,10 +48,9 @@ in import ./make-test-python.nix ({ lib, ... }: { security.acme.certs."standalone.test" = { webroot = "/var/lib/acme/acme-challenges"; }; - systemd.targets."acme-finished-standalone.test" = {}; - systemd.services."acme-standalone.test" = { - wants = [ "acme-finished-standalone.test.target" ]; - before = [ "acme-finished-standalone.test.target" ]; + systemd.targets."acme-finished-standalone.test" = { + after = [ "acme-standalone.test.service" ]; + wantedBy = [ "acme-standalone.test.service" ]; }; services.nginx.enable = true; services.nginx.virtualHosts."standalone.test" = { @@ -68,10 +67,11 @@ in import ./make-test-python.nix ({ lib, ... }: { # A target remains active. Use this to probe the fact that # a service fired eventhough it is not RemainAfterExit - systemd.targets."acme-finished-a.example.test" = {}; + systemd.targets."acme-finished-a.example.test" = { + after = [ "acme-a.example.test.service" ]; + wantedBy = [ "acme-a.example.test.service" ]; + }; systemd.services."acme-a.example.test" = { - wants = [ "acme-finished-a.example.test.target" ]; - before = [ "acme-finished-a.example.test.target" ]; after = [ "nginx.service" ]; }; @@ -89,10 +89,11 @@ in import ./make-test-python.nix ({ lib, ... }: { security.acme.server = "https://acme.test/dir"; specialisation.second-cert.configuration = {pkgs, ...}: { - systemd.targets."acme-finished-b.example.test" = {}; + systemd.targets."acme-finished-b.example.test" = { + after = [ "acme-b.example.test.service" ]; + wantedBy = [ "acme-b.example.test.service" ]; + }; systemd.services."acme-b.example.test" = { - wants = [ "acme-finished-b.example.test.target" ]; - before = [ "acme-finished-b.example.test.target" ]; after = [ "nginx.service" ]; }; services.nginx.virtualHosts."b.example.test" = { @@ -115,10 +116,12 @@ in import ./make-test-python.nix ({ lib, ... }: { user = config.services.nginx.user; group = config.services.nginx.group; }; - systemd.targets."acme-finished-example.test" = {}; + systemd.targets."acme-finished-example.test" = { + after = [ "acme-example.test.service" ]; + wantedBy = [ "acme-example.test.service" ]; + }; systemd.services."acme-example.test" = { - wants = [ "acme-finished-example.test.target" ]; - before = [ "acme-finished-example.test.target" "nginx.service" ]; + before = [ "nginx.service" ]; wantedBy = [ "nginx.service" ]; }; services.nginx.virtualHosts."c.example.test" = { |